Merge remote-tracking branch 'origin/main' into mbg/pr-checks/validation-jobs

2026-04-01 09:12:17 +00:00 · 2026-03-09 17:58:41 +00:00
parent 5ddbbbe614 3c97288d80
commit 8ba8180559
54 changed files with 753 additions and 936 deletions
--- a/.github/workflows/__analysis-kinds.yml
+++ b/.github/workflows/__analysis-kinds.yml
@@ -92,7 +92,7 @@ jobs:
          post-processed-sarif-path: '${{ runner.temp }}/post-processed'

      - name: Upload SARIF files
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: |
            analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
@@ -100,7 +100,7 @@ jobs:
          retention-days: 7

      - name: Upload post-processed SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: |
            post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: analyze-ref-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: analyze-ref-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  analyze-ref-input:
    strategy:
@@ -90,11 +80,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__bundle-zstd.yml
+++ b/.github/workflows/__bundle-zstd.yml
@@ -82,7 +82,7 @@ jobs:
          output: ${{ runner.temp }}/results
          upload-database: false
      - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.os }}-zstd-bundle.sarif
          path: ${{ runner.temp }}/results/javascript.sarif
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -70,7 +70,7 @@ jobs:
          output: '${{ runner.temp }}/results'
          upload-database: false
      - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: '${{ runner.temp }}/results/javascript.sarif'
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -81,7 +81,7 @@ jobs:
          output: '${{ runner.temp }}/results'
          upload-database: false
      - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: '${{ runner.temp }}/results/javascript.sarif'
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -102,7 +102,7 @@ jobs:
        with:
          output: '${{ runner.temp }}/results'
      - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: '${{ runner.temp }}/results/javascript.sarif'
--- a/.github/workflows/__job-run-uuid-sarif.yml
+++ b/.github/workflows/__job-run-uuid-sarif.yml
@@ -67,7 +67,7 @@ jobs:
        with:
          output: '${{ runner.temp }}/results'
      - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
        with:
          name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: '${{ runner.temp }}/results/javascript.sarif'
--- a/.github/workflows/__local-bundle.yml
+++ b/.github/workflows/__local-bundle.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: local-bundle-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: local-bundle-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  local-bundle:
    strategy:
@@ -90,11 +80,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  packaging-codescanning-config-inputs-js:
    strategy:
@@ -101,11 +91,6 @@ jobs:
          cache: npm
      - name: Install dependencies
        run: npm ci
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: remote-config-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: remote-config-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  remote-config:
    strategy:
@@ -92,11 +82,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: unset-environment-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: unset-environment-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  unset-environment:
    strategy:
@@ -92,11 +82,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: upload-ref-sha-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: upload-ref-sha-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  upload-ref-sha-input:
    strategy:
@@ -90,11 +80,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__upload-sarif.yml
+++ b/.github/workflows/__upload-sarif.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: upload-sarif-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: upload-sarif-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  upload-sarif:
    strategy:
@@ -97,11 +87,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -35,11 +35,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
  workflow_call:
    inputs:
      dotnet-version:
@@ -52,17 +47,12 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
  run:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: with-checkout-path-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
+  group: with-checkout-path-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
 jobs:
  with-checkout-path:
    strategy:
@@ -91,11 +81,6 @@ jobs:
        with:
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest' || !matrix.version
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/debug-artifacts-failure-safe.yml
+++ b/.github/workflows/debug-artifacts-failure-safe.yml
@@ -89,7 +89,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
      - name: Check expected artifacts exist
        run: |
          LANGUAGES="cpp csharp go java javascript python"
--- a/.github/workflows/debug-artifacts-safe.yml
+++ b/.github/workflows/debug-artifacts-safe.yml
@@ -83,7 +83,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
      - name: Check expected artifacts exist
        run: |
          VERSIONS="stable-v2.20.3 default linked nightly-latest"
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,12 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

 ## [UNRELEASED]

-No user facing changes.
+- Fixed [a bug](https://github.com/github/codeql-action/issues/3555) which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. [#3557](https://github.com/github/codeql-action/pull/3557)
+- The CodeQL Action now loads [custom repository properties](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization) on GitHub Enterprise Server, enabling the customization of features such as `github-codeql-disable-overlay` that was previously only available on GitHub.com. [#3559](https://github.com/github/codeql-action/pull/3559)
+
+## 4.32.6 - 05 Mar 2026
+
+- Update default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3). [#3548](https://github.com/github/codeql-action/pull/3548)

 ## 4.32.5 - 02 Mar 2026

--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -162243,11 +162243,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -107350,8 +107350,8 @@ var path5 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs3 = __toESM(require("fs"));
@@ -107992,11 +107992,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -103820,8 +103820,8 @@ var path3 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs2 = __toESM(require("fs"));
@@ -104292,11 +104292,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.24.2",
-  "cliVersion": "2.24.2",
-  "priorBundleVersion": "codeql-bundle-v2.24.1",
-  "priorCliVersion": "2.24.1"
+  "bundleVersion": "codeql-bundle-v2.24.3",
+  "cliVersion": "2.24.3",
+  "priorBundleVersion": "codeql-bundle-v2.24.2",
+  "priorCliVersion": "2.24.2"
 }
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -165218,8 +165218,8 @@ var path5 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs3 = __toESM(require("fs"));
@@ -165729,11 +165729,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -100091,7 +100091,7 @@ var require_follow_redirects = __commonJS({
      if (this._ending) {
        throw new WriteAfterEndError();
      }
-      if (!isString(data) && !isBuffer(data)) {
+      if (!isString2(data) && !isBuffer(data)) {
        throw new TypeError("data should be a string, Buffer or Uint8Array");
      }
      if (isFunction(encoding)) {
@@ -100346,7 +100346,7 @@ var require_follow_redirects = __commonJS({
        function request2(input, options, callback) {
          if (isURL(input)) {
            input = spreadUrlObject(input);
-          } else if (isString(input)) {
+          } else if (isString2(input)) {
            input = spreadUrlObject(parseUrl2(input));
          } else {
            callback = options;
@@ -100362,7 +100362,7 @@ var require_follow_redirects = __commonJS({
            maxBodyLength: exports3.maxBodyLength
          }, input, options);
          options.nativeProtocols = nativeProtocols;
-          if (!isString(options.host) && !isString(options.hostname)) {
+          if (!isString2(options.host) && !isString2(options.hostname)) {
            options.hostname = "::1";
          }
          assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100389,7 +100389,7 @@ var require_follow_redirects = __commonJS({
        parsed = new URL2(input);
      } else {
        parsed = validateUrl(url.parse(input));
-        if (!isString(parsed.protocol)) {
+        if (!isString2(parsed.protocol)) {
          throw new InvalidUrlError({ input });
        }
      }
@@ -100461,11 +100461,11 @@ var require_follow_redirects = __commonJS({
      request2.destroy(error3);
    }
    function isSubdomain(subdomain, domain) {
-      assert(isString(subdomain) && isString(domain));
+      assert(isString2(subdomain) && isString2(domain));
      var dot = subdomain.length - domain.length - 1;
      return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
    }
-    function isString(value) {
+    function isString2(value) {
      return typeof value === "string" || value instanceof String;
    }
    function isFunction(value) {
@@ -104408,14 +104408,23 @@ var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
  RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries";
  return RepositoryPropertyName2;
 })(RepositoryPropertyName || {});
-var repositoryPropertyParsers = {
-  ["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: parseBooleanRepositoryProperty,
-  ["github-codeql-extra-queries" /* EXTRA_QUERIES */]: parseStringRepositoryProperty
+function isString(value) {
+  return typeof value === "string";
+}
+var stringProperty = {
+  validate: isString,
+  parse: parseStringRepositoryProperty
 };
-async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) {
-  if (gitHubVersion.type === "GitHub Enterprise Server" /* GHES */) {
-    return {};
-  }
+var booleanProperty = {
+  // The value from the API should come as a string, which we then parse into a boolean.
+  validate: isString,
+  parse: parseBooleanRepositoryProperty
+};
+var repositoryPropertyParsers = {
+  ["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: booleanProperty,
+  ["github-codeql-extra-queries" /* EXTRA_QUERIES */]: stringProperty
+};
+async function loadPropertiesFromApi(logger, repositoryNwo) {
  try {
    const response = await getRepositoryProperties(repositoryNwo);
    const remoteProperties = response.data;
@@ -104434,11 +104443,6 @@ async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) {
          `Expected repository property object to have a 'property_name', but got: ${JSON.stringify(property)}`
        );
      }
-      if (typeof property.value !== "string") {
-        throw new Error(
-          `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}`
-        );
-      }
      if (isKnownPropertyName(property.property_name)) {
        setProperty2(properties, property.property_name, property.value, logger);
      }
@@ -104463,7 +104467,14 @@ async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) {
  }
 }
 function setProperty2(properties, name, value, logger) {
-  properties[name] = repositoryPropertyParsers[name](name, value, logger);
+  const propertyOptions = repositoryPropertyParsers[name];
+  if (propertyOptions.validate(value)) {
+    properties[name] = propertyOptions.parse(name, value, logger);
+  } else {
+    throw new Error(
+      `Unexpected value for repository property '${name}' (${typeof value}), got: ${JSON.stringify(value)}`
+    );
+  }
 }
 function parseBooleanRepositoryProperty(name, value, logger) {
  if (value !== "true" && value !== "false") {
@@ -104857,8 +104868,8 @@ var path6 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs3 = __toESM(require("fs"));
@@ -105538,11 +105549,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
@@ -106393,9 +106399,9 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = {
  rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */,
  swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */
 };
-async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, codeScanningConfig) {
+async function checkOverlayAnalysisFeatureEnabled(features, codeql, languages, codeScanningConfig) {
  if (!await features.getValue("overlay_analysis" /* OverlayAnalysis */, codeql)) {
-    return false;
+    return new Failure("overall-feature-not-enabled" /* OverallFeatureNotEnabled */);
  }
  let enableForCodeScanningOnly = false;
  for (const language of languages) {
@@ -106408,17 +106414,20 @@ async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, code
      enableForCodeScanningOnly = true;
      continue;
    }
-    return false;
+    return new Failure("language-not-enabled" /* LanguageNotEnabled */);
  }
  if (enableForCodeScanningOnly) {
-    return codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0;
+    const usesDefaultQueriesOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0;
+    if (!usesDefaultQueriesOnly) {
+      return new Failure("non-default-queries" /* NonDefaultQueries */);
+    }
  }
-  return true;
+  return new Success(void 0);
 }
 function runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks) {
  const minimumDiskSpaceBytes = useV2ResourceChecks ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES;
-  if (diskUsage === void 0 || diskUsage.numAvailableBytes < minimumDiskSpaceBytes) {
-    const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6);
+  if (diskUsage.numAvailableBytes < minimumDiskSpaceBytes) {
+    const diskSpaceMb = Math.round(diskUsage.numAvailableBytes / 1e6);
    const minimumDiskSpaceMb = Math.round(minimumDiskSpaceBytes / 1e6);
    logger.info(
      `Setting overlay database mode to ${"none" /* None */} due to insufficient disk space (${diskSpaceMb} MB, needed ${minimumDiskSpaceMb} MB).`
@@ -106449,93 +106458,110 @@ async function runnerHasSufficientMemory(codeql, ramInput, logger) {
  );
  return true;
 }
-async function runnerSupportsOverlayAnalysis(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) {
+async function checkRunnerResources(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) {
  if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) {
-    return false;
+    return new Failure("insufficient-disk-space" /* InsufficientDiskSpace */);
  }
  if (!await runnerHasSufficientMemory(codeql, ramInput, logger)) {
-    return false;
+    return new Failure("insufficient-memory" /* InsufficientMemory */);
  }
-  return true;
+  return new Success(void 0);
 }
-async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) {
-  let overlayDatabaseMode = "none" /* None */;
-  let useOverlayDatabaseCaching = false;
-  let disabledReason;
+async function checkOverlayEnablement(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) {
  const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE;
  if (modeEnv === "overlay" /* Overlay */ || modeEnv === "overlay-base" /* OverlayBase */ || modeEnv === "none" /* None */) {
-    overlayDatabaseMode = modeEnv;
    logger.info(
-      `Setting overlay database mode to ${overlayDatabaseMode} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.`
+      `Setting overlay database mode to ${modeEnv} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.`
    );
-  } else if (repositoryProperties["github-codeql-disable-overlay" /* DISABLE_OVERLAY */] === true) {
+    if (modeEnv === "none" /* None */) {
+      return new Failure("disabled-by-environment-variable" /* DisabledByEnvironmentVariable */);
+    }
+    return validateOverlayDatabaseMode(
+      modeEnv,
+      false,
+      codeql,
+      languages,
+      sourceRoot,
+      buildMode,
+      gitVersion,
+      logger
+    );
+  }
+  if (repositoryProperties["github-codeql-disable-overlay" /* DISABLE_OVERLAY */] === true) {
    logger.info(
      `Setting overlay database mode to ${"none" /* None */} because the ${"github-codeql-disable-overlay" /* DISABLE_OVERLAY */} repository property is set to true.`
    );
-    overlayDatabaseMode = "none" /* None */;
-    disabledReason = "disabled-by-repository-property" /* DisabledByRepositoryProperty */;
-  } else if (await isOverlayAnalysisFeatureEnabled(
+    return new Failure("disabled-by-repository-property" /* DisabledByRepositoryProperty */);
+  }
+  const featureResult = await checkOverlayAnalysisFeatureEnabled(
    features,
    codeql,
    languages,
    codeScanningConfig
-  )) {
-    const performResourceChecks = !await features.getValue(
-      "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */,
-      codeql
+  );
+  if (featureResult.isFailure()) {
+    return featureResult;
+  }
+  const performResourceChecks = !await features.getValue(
+    "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */,
+    codeql
+  );
+  const useV2ResourceChecks = await features.getValue(
+    "overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */
+  );
+  const checkOverlayStatus = await features.getValue(
+    "overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */
+  );
+  const needDiskUsage = performResourceChecks || checkOverlayStatus;
+  const diskUsage = needDiskUsage ? await checkDiskUsage(logger) : void 0;
+  if (needDiskUsage && diskUsage === void 0) {
+    logger.warning(
+      `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.`
    );
-    const useV2ResourceChecks = await features.getValue(
-      "overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */
+    return new Failure("unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */);
+  }
+  const resourceResult = performResourceChecks && diskUsage !== void 0 ? await checkRunnerResources(
+    codeql,
+    diskUsage,
+    ramInput,
+    logger,
+    useV2ResourceChecks
+  ) : new Success(void 0);
+  if (resourceResult.isFailure()) {
+    return resourceResult;
+  }
+  if (checkOverlayStatus && diskUsage !== void 0 && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) {
+    logger.info(
+      `Setting overlay database mode to ${"none" /* None */} because overlay analysis previously failed with this combination of languages, disk space, and CodeQL version.`
    );
-    const checkOverlayStatus = await features.getValue(
-      "overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */
+    return new Failure("skipped-due-to-cached-status" /* SkippedDueToCachedStatus */);
+  }
+  let overlayDatabaseMode;
+  if (isAnalyzingPullRequest()) {
+    overlayDatabaseMode = "overlay" /* Overlay */;
+    logger.info(
+      `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.`
+    );
+  } else if (await isAnalyzingDefaultBranch()) {
+    overlayDatabaseMode = "overlay-base" /* OverlayBase */;
+    logger.info(
+      `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.`
    );
-    const diskUsage = performResourceChecks || checkOverlayStatus ? await checkDiskUsage(logger) : void 0;
-    if (performResourceChecks && !await runnerSupportsOverlayAnalysis(
-      codeql,
-      diskUsage,
-      ramInput,
-      logger,
-      useV2ResourceChecks
-    )) {
-      overlayDatabaseMode = "none" /* None */;
-      disabledReason = "insufficient-resources" /* InsufficientResources */;
-    } else if (checkOverlayStatus && diskUsage === void 0) {
-      logger.warning(
-        `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.`
-      );
-      overlayDatabaseMode = "none" /* None */;
-      disabledReason = "unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */;
-    } else if (checkOverlayStatus && diskUsage && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) {
-      logger.info(
-        `Setting overlay database mode to ${"none" /* None */} because overlay analysis previously failed with this combination of languages, disk space, and CodeQL version.`
-      );
-      overlayDatabaseMode = "none" /* None */;
-      disabledReason = "skipped-due-to-cached-status" /* SkippedDueToCachedStatus */;
-    } else if (isAnalyzingPullRequest()) {
-      overlayDatabaseMode = "overlay" /* Overlay */;
-      useOverlayDatabaseCaching = true;
-      logger.info(
-        `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.`
-      );
-    } else if (await isAnalyzingDefaultBranch()) {
-      overlayDatabaseMode = "overlay-base" /* OverlayBase */;
-      useOverlayDatabaseCaching = true;
-      logger.info(
-        `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.`
-      );
-    }
  } else {
-    disabledReason = "feature-not-enabled" /* FeatureNotEnabled */;
-  }
-  const disabledResult = (reason) => ({
-    overlayDatabaseMode: "none" /* None */,
-    useOverlayDatabaseCaching: false,
-    disabledReason: reason
-  });
-  if (overlayDatabaseMode === "none" /* None */) {
-    return disabledResult(disabledReason);
+    return new Failure("not-pull-request-or-default-branch" /* NotPullRequestOrDefaultBranch */);
  }
+  return validateOverlayDatabaseMode(
+    overlayDatabaseMode,
+    true,
+    codeql,
+    languages,
+    sourceRoot,
+    buildMode,
+    gitVersion,
+    logger
+  );
+}
+async function validateOverlayDatabaseMode(overlayDatabaseMode, useOverlayDatabaseCaching, codeql, languages, sourceRoot, buildMode, gitVersion, logger) {
  if (buildMode !== "none" /* None */ && (await Promise.all(
    languages.map(
      async (l) => l !== "go" /* go */ && // Workaround to allow overlay analysis for Go with any build
@@ -106548,37 +106574,36 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b
    logger.warning(
      `Cannot build an ${overlayDatabaseMode} database because build-mode is set to "${buildMode}" instead of "none". Falling back to creating a normal full database instead.`
    );
-    return disabledResult("incompatible-build-mode" /* IncompatibleBuildMode */);
+    return new Failure("incompatible-build-mode" /* IncompatibleBuildMode */);
  }
  if (!await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION)) {
    logger.warning(
      `Cannot build an ${overlayDatabaseMode} database because the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. Falling back to creating a normal full database instead.`
    );
-    return disabledResult("incompatible-codeql" /* IncompatibleCodeQl */);
+    return new Failure("incompatible-codeql" /* IncompatibleCodeQl */);
  }
  if (await getGitRoot(sourceRoot) === void 0) {
    logger.warning(
      `Cannot build an ${overlayDatabaseMode} database because the source root "${sourceRoot}" is not inside a git repository. Falling back to creating a normal full database instead.`
    );
-    return disabledResult("no-git-root" /* NoGitRoot */);
+    return new Failure("no-git-root" /* NoGitRoot */);
  }
  if (gitVersion === void 0) {
    logger.warning(
      `Cannot build an ${overlayDatabaseMode} database because the Git version could not be determined. Falling back to creating a normal full database instead.`
    );
-    return disabledResult("incompatible-git" /* IncompatibleGit */);
+    return new Failure("incompatible-git" /* IncompatibleGit */);
  }
  if (!gitVersion.isAtLeast(GIT_MINIMUM_VERSION_FOR_OVERLAY)) {
    logger.warning(
      `Cannot build an ${overlayDatabaseMode} database because the installed Git version is older than ${GIT_MINIMUM_VERSION_FOR_OVERLAY}. Falling back to creating a normal full database instead.`
    );
-    return disabledResult("incompatible-git" /* IncompatibleGit */);
+    return new Failure("incompatible-git" /* IncompatibleGit */);
  }
-  return {
+  return new Success({
    overlayDatabaseMode,
-    useOverlayDatabaseCaching,
-    disabledReason
-  };
+    useOverlayDatabaseCaching
+  });
 }
 function dbLocationOrDefault(dbLocation, tempDir) {
  return dbLocation || path9.resolve(tempDir, "codeql_databases");
@@ -106666,11 +106691,7 @@ async function initConfig(features, inputs) {
  } else {
    logger.debug(`Skipping check for generated files.`);
  }
-  const {
-    overlayDatabaseMode,
-    useOverlayDatabaseCaching,
-    disabledReason: overlayDisabledReason
-  } = await getOverlayDatabaseMode(
+  const overlayDatabaseModeResult = await checkOverlayEnablement(
    inputs.codeql,
    inputs.features,
    config.languages,
@@ -106682,19 +106703,27 @@ async function initConfig(features, inputs) {
    gitVersion,
    logger
  );
-  logger.info(
-    `Using overlay database mode: ${overlayDatabaseMode} ${useOverlayDatabaseCaching ? "with" : "without"} caching.`
-  );
-  config.overlayDatabaseMode = overlayDatabaseMode;
-  config.useOverlayDatabaseCaching = useOverlayDatabaseCaching;
-  if (overlayDisabledReason !== void 0) {
+  if (overlayDatabaseModeResult.isSuccess()) {
+    const { overlayDatabaseMode, useOverlayDatabaseCaching } = overlayDatabaseModeResult.value;
+    logger.info(
+      `Using overlay database mode: ${overlayDatabaseMode} ${useOverlayDatabaseCaching ? "with" : "without"} caching.`
+    );
+    config.overlayDatabaseMode = overlayDatabaseMode;
+    config.useOverlayDatabaseCaching = useOverlayDatabaseCaching;
+  } else {
+    const overlayDisabledReason = overlayDatabaseModeResult.value;
+    logger.info(
+      `Using overlay database mode: ${"none" /* None */} without caching.`
+    );
+    config.overlayDatabaseMode = "none" /* None */;
+    config.useOverlayDatabaseCaching = false;
    await addOverlayDisablementDiagnostics(
      config,
      inputs.codeql,
      overlayDisabledReason
    );
  }
-  if (overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis(
+  if (config.overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis(
    inputs.codeql,
    inputs.features,
    logger
@@ -109610,8 +109639,6 @@ async function run(startedAt) {
    );
    const repositoryPropertiesResult = await loadRepositoryProperties(
      repositoryNwo,
-      gitHubVersion,
-      features,
      logger
    );
    const jobRunUuid = v4_default();
@@ -110011,7 +110038,7 @@ exec ${goBinaryPath} "$@"`
    logger
  );
 }
-async function loadRepositoryProperties(repositoryNwo, gitHubVersion, features, logger) {
+async function loadRepositoryProperties(repositoryNwo, logger) {
  const repositoryOwnerType = github2.context.payload.repository?.owner.type;
  logger.debug(
    `Repository owner type is '${repositoryOwnerType ?? "unknown"}'.`
@@ -110022,16 +110049,8 @@ async function loadRepositoryProperties(repositoryNwo, gitHubVersion, features,
    );
    return new Success({});
  }
-  if (!await features.getValue("use_repository_properties_v2" /* UseRepositoryProperties */)) {
-    logger.debug(
-      "Skipping loading repository properties because the UseRepositoryProperties feature flag is disabled."
-    );
-    return new Success({});
-  }
  try {
-    return new Success(
-      await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo)
-    );
+    return new Success(await loadPropertiesFromApi(logger, repositoryNwo));
  } catch (error3) {
    logger.warning(
      `Failed to load repository properties: ${getErrorMessage(error3)}`
--- a/lib/resolve-environment-action.js
+++ b/lib/resolve-environment-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -104283,11 +104283,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/setup-codeql-action.js
+++ b/lib/setup-codeql-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -103679,8 +103679,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs3 = __toESM(require("fs"));
@@ -104180,11 +104180,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -161649,11 +161649,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -120612,8 +120612,8 @@ var path = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var actionsCache = __toESM(require_cache5());
@@ -120972,11 +120972,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -47283,7 +47283,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -47350,14 +47350,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -106934,8 +106934,8 @@ var path5 = __toESM(require("path"));
 var semver5 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs3 = __toESM(require("fs"));
@@ -107439,11 +107439,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -161811,11 +161811,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -45986,7 +45986,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.32.6",
+      version: "4.32.7",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -46053,14 +46053,14 @@ var require_package = __commonJS({
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        glob: "^11.1.0",
        globals: "^17.3.0",
        nock: "^14.0.11",
        sinon: "^21.0.1",
        typescript: "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      },
      overrides: {
        "@actions/tool-cache": {
@@ -106618,8 +106618,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.24.2";
-var cliVersion = "2.24.2";
+var bundleVersion = "codeql-bundle-v2.24.3";
+var cliVersion = "2.24.3";

 // src/overlay/index.ts
 var fs3 = __toESM(require("fs"));
@@ -107153,11 +107153,6 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */
  },
-  ["use_repository_properties_v2" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "4.32.6",
+  "version": "4.32.7",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "4.32.6",
+      "version": "4.32.7",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^5.0.3",
@@ -52,14 +52,14 @@
        "eslint-import-resolver-typescript": "^3.8.7",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.1",
-        "eslint-plugin-jsdoc": "^62.6.0",
+        "eslint-plugin-jsdoc": "^62.7.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
        "glob": "^11.1.0",
        "globals": "^17.3.0",
        "nock": "^14.0.11",
        "sinon": "^21.0.1",
        "typescript": "^5.9.3",
-        "typescript-eslint": "^8.56.0"
+        "typescript-eslint": "^8.56.1"
      }
    },
    "node_modules/@aashutoshrathi/word-wrap": {
@@ -2553,17 +2553,17 @@
      "license": "MIT"
    },
    "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.0.tgz",
-      "integrity": "sha512-lRyPDLzNCuae71A3t9NEINBiTn7swyOhvUj3MyUOxb8x6g6vPEFoOU+ZRmGMusNC3X3YMhqMIX7i8ShqhT74Pw==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.1.tgz",
+      "integrity": "sha512-Jz9ZztpB37dNC+HU2HI28Bs9QXpzCz+y/twHOwhyrIRdbuVDxSytJNDl6z/aAKlaRIwC7y8wJdkBv7FxYGgi0A==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.56.0",
-        "@typescript-eslint/type-utils": "8.56.0",
-        "@typescript-eslint/utils": "8.56.0",
-        "@typescript-eslint/visitor-keys": "8.56.0",
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/type-utils": "8.56.1",
+        "@typescript-eslint/utils": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
        "ignore": "^7.0.5",
        "natural-compare": "^1.4.0",
        "ts-api-utils": "^2.4.0"
@@ -2576,7 +2576,7 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "@typescript-eslint/parser": "^8.56.0",
+        "@typescript-eslint/parser": "^8.56.1",
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
        "typescript": ">=4.8.4 <6.0.0"
      }
@@ -2592,16 +2592,16 @@
      }
    },
    "node_modules/@typescript-eslint/parser": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.0.tgz",
-      "integrity": "sha512-IgSWvLobTDOjnaxAfDTIHaECbkNlAlKv2j5SjpB2v7QHKv1FIfjwMy8FsDbVfDX/KjmCmYICcw7uGaXLhtsLNg==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.1.tgz",
+      "integrity": "sha512-klQbnPAAiGYFyI02+znpBRLyjL4/BrBd0nyWkdC0s/6xFLkXYQ8OoRrSkqacS1ddVxf/LDyODIKbQ5TgKAf/Fg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/scope-manager": "8.56.0",
-        "@typescript-eslint/types": "8.56.0",
-        "@typescript-eslint/typescript-estree": "8.56.0",
-        "@typescript-eslint/visitor-keys": "8.56.0",
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -2635,14 +2635,14 @@
      }
    },
    "node_modules/@typescript-eslint/project-service": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.0.tgz",
-      "integrity": "sha512-M3rnyL1vIQOMeWxTWIW096/TtVP+8W3p/XnaFflhmcFp+U4zlxUxWj4XwNs6HbDeTtN4yun0GNTTDBw/SvufKg==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz",
+      "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.56.0",
-        "@typescript-eslint/types": "^8.56.0",
+        "@typescript-eslint/tsconfig-utils": "^8.56.1",
+        "@typescript-eslint/types": "^8.56.1",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -2675,14 +2675,14 @@
      }
    },
    "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.0.tgz",
-      "integrity": "sha512-7UiO/XwMHquH+ZzfVCfUNkIXlp/yQjjnlYUyYz7pfvlK3/EyyN6BK+emDmGNyQLBtLGaYrTAI6KOw8tFucWL2w==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz",
+      "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.56.0",
-        "@typescript-eslint/visitor-keys": "8.56.0"
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2693,9 +2693,9 @@
      }
    },
    "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.0.tgz",
-      "integrity": "sha512-bSJoIIt4o3lKXD3xmDh9chZcjCz5Lk8xS7Rxn+6l5/pKrDpkCwtQNQQwZ2qRPk7TkUYhrq3WPIHXOXlbXP0itg==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz",
+      "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2710,15 +2710,15 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.0.tgz",
-      "integrity": "sha512-qX2L3HWOU2nuDs6GzglBeuFXviDODreS58tLY/BALPC7iu3Fa+J7EOTwnX9PdNBxUI7Uh0ntP0YWGnxCkXzmfA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.1.tgz",
+      "integrity": "sha512-yB/7dxi7MgTtGhZdaHCemf7PuwrHMenHjmzgUW1aJpO+bBU43OycnM3Wn+DdvDO/8zzA9HlhaJ0AUGuvri4oGg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.56.0",
-        "@typescript-eslint/typescript-estree": "8.56.0",
-        "@typescript-eslint/utils": "8.56.0",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/utils": "8.56.1",
        "debug": "^4.4.3",
        "ts-api-utils": "^2.4.0"
      },
@@ -2753,9 +2753,9 @@
      }
    },
    "node_modules/@typescript-eslint/types": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.0.tgz",
-      "integrity": "sha512-DBsLPs3GsWhX5HylbP9HNG15U0bnwut55Lx12bHB9MpXxQ+R5GC8MwQe+N1UFXxAeQDvEsEDY6ZYwX03K7Z6HQ==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz",
+      "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2767,18 +2767,18 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.0.tgz",
-      "integrity": "sha512-ex1nTUMWrseMltXUHmR2GAQ4d+WjkZCT4f+4bVsps8QEdh0vlBsaCokKTPlnqBFqqGaxilDNJG7b8dolW2m43Q==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz",
+      "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/project-service": "8.56.0",
-        "@typescript-eslint/tsconfig-utils": "8.56.0",
-        "@typescript-eslint/types": "8.56.0",
-        "@typescript-eslint/visitor-keys": "8.56.0",
+        "@typescript-eslint/project-service": "8.56.1",
+        "@typescript-eslint/tsconfig-utils": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
        "debug": "^4.4.3",
-        "minimatch": "^9.0.5",
+        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
        "tinyglobby": "^0.2.15",
        "ts-api-utils": "^2.4.0"
@@ -2794,14 +2794,27 @@
        "typescript": ">=4.8.4 <6.0.0"
      }
    },
+    "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
+      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "balanced-match": "^1.0.0"
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
      }
    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/debug": {
@@ -2823,32 +2836,32 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-      "version": "9.0.9",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
-      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "version": "10.2.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
      "dev": true,
-      "license": "ISC",
+      "license": "BlueOak-1.0.0",
      "dependencies": {
-        "brace-expansion": "^2.0.2"
+        "brace-expansion": "^5.0.2"
      },
      "engines": {
-        "node": ">=16 || 14 >=14.17"
+        "node": "18 || 20 || >=22"
      },
      "funding": {
        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/@typescript-eslint/utils": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.0.tgz",
-      "integrity": "sha512-RZ3Qsmi2nFGsS+n+kjLAYDPVlrzf7UhTffrDIKr+h2yzAlYP/y5ZulU0yeDEPItos2Ph46JAL5P/On3pe7kDIQ==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz",
+      "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.56.0",
-        "@typescript-eslint/types": "8.56.0",
-        "@typescript-eslint/typescript-estree": "8.56.0"
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2863,13 +2876,13 @@
      }
    },
    "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.0.tgz",
-      "integrity": "sha512-q+SL+b+05Ud6LbEE35qe4A99P+htKTKVbyiNEe45eCbJFyh/HVK9QXwlrbz+Q4L8SOW4roxSVwXYj4DMBT7Ieg==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz",
+      "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.56.0",
+        "@typescript-eslint/types": "8.56.1",
        "eslint-visitor-keys": "^5.0.0"
      },
      "engines": {
@@ -2881,9 +2894,9 @@
      }
    },
    "node_modules/@typescript-eslint/visitor-keys/node_modules/eslint-visitor-keys": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.0.tgz",
-      "integrity": "sha512-A0XeIi7CXU7nPlfHS9loMYEKxUaONu/hTEzHTGba9Huu94Cq1hPivf+DE5erJozZOky0LfvXAyrV/tcswpLI0Q==",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
+      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
      "dev": true,
      "license": "Apache-2.0",
      "engines": {
@@ -5146,9 +5159,9 @@
      }
    },
    "node_modules/eslint-plugin-jsdoc": {
-      "version": "62.6.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-62.6.0.tgz",
-      "integrity": "sha512-Z18zZD1Q2m9usqFbAzb30z+lF8bzE4WiUy+dfOXljJlZ1Jm5uhkuAWfGV97FYyh+WlKfrvpDYs+s1z45eZWMfA==",
+      "version": "62.7.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-62.7.1.tgz",
+      "integrity": "sha512-4Zvx99Q7d1uggYBUX/AIjvoyqXhluGbbKrRmG8SQTLprPFg6fa293tVJH1o1GQwNe3lUydd8ZHzn37OaSncgSQ==",
      "dev": true,
      "license": "BSD-3-Clause",
      "dependencies": {
@@ -5163,7 +5176,7 @@
        "html-entities": "^2.6.0",
        "object-deep-merge": "^2.0.0",
        "parse-imports-exports": "^0.2.4",
-        "semver": "^7.7.3",
+        "semver": "^7.7.4",
        "spdx-expression-parse": "^4.0.0",
        "to-valid-identifier": "^1.0.0"
      },
@@ -5171,7 +5184,7 @@
        "node": "^20.19.0 || ^22.13.0 || >=24"
      },
      "peerDependencies": {
-        "eslint": "^7.0.0 || ^8.0.0 || ^9.0.0"
+        "eslint": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0"
      }
    },
    "node_modules/eslint-plugin-jsdoc/node_modules/debug": {
@@ -8857,9 +8870,9 @@
      }
    },
    "node_modules/tar": {
-      "version": "7.5.7",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.7.tgz",
-      "integrity": "sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==",
+      "version": "7.5.10",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.10.tgz",
+      "integrity": "sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==",
      "dev": true,
      "license": "BlueOak-1.0.0",
      "dependencies": {
@@ -9189,16 +9202,16 @@
      }
    },
    "node_modules/typescript-eslint": {
-      "version": "8.56.0",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.0.tgz",
-      "integrity": "sha512-c7toRLrotJ9oixgdW7liukZpsnq5CZ7PuKztubGYlNppuTqhIoWfhgHo/7EU0v06gS2l/x0i2NEFK1qMIf0rIg==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.1.tgz",
+      "integrity": "sha512-U4lM6pjmBX7J5wk4szltF7I1cGBHXZopnAXCMXb3+fZ3B/0Z3hq3wS/CCUB2NZBNAExK92mCU2tEohWuwVMsDQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.56.0",
-        "@typescript-eslint/parser": "8.56.0",
-        "@typescript-eslint/typescript-estree": "8.56.0",
-        "@typescript-eslint/utils": "8.56.0"
+        "@typescript-eslint/eslint-plugin": "8.56.1",
+        "@typescript-eslint/parser": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/utils": "8.56.1"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "4.32.6",
+  "version": "4.32.7",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
@@ -67,14 +67,14 @@
    "eslint-import-resolver-typescript": "^3.8.7",
    "eslint-plugin-github": "^6.0.0",
    "eslint-plugin-import-x": "^4.16.1",
-    "eslint-plugin-jsdoc": "^62.6.0",
+    "eslint-plugin-jsdoc": "^62.7.1",
    "eslint-plugin-no-async-foreach": "^0.1.1",
    "glob": "^11.1.0",
    "globals": "^17.3.0",
    "nock": "^14.0.11",
    "sinon": "^21.0.1",
    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.56.0"
+    "typescript-eslint": "^8.56.1"
  },
  "overrides": {
    "@actions/tool-cache": {
--- a/pr-checks/checks/analysis-kinds.yml
+++ b/pr-checks/checks/analysis-kinds.yml
@@ -40,7 +40,7 @@ steps:
      post-processed-sarif-path: "${{ runner.temp }}/post-processed"

  - name: Upload SARIF files
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: |
        analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
@@ -48,7 +48,7 @@ steps:
      retention-days: 7

  - name: Upload post-processed SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: |
        post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
--- a/pr-checks/checks/analyze-ref-input.yml
+++ b/pr-checks/checks/analyze-ref-input.yml
@@ -2,7 +2,6 @@ name: "Analyze: 'ref' and 'sha' from inputs"
 description: "Checks that specifying 'ref' and 'sha' as inputs works"
 versions: ["default"]
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  - uses: ./../action/init
--- a/pr-checks/checks/bundle-zstd.yml
+++ b/pr-checks/checks/bundle-zstd.yml
@@ -27,7 +27,7 @@ steps:
      output: ${{ runner.temp }}/results
      upload-database: false
  - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: ${{ matrix.os }}-zstd-bundle.sarif
      path: ${{ runner.temp }}/results/javascript.sarif
--- a/pr-checks/checks/config-export.yml
+++ b/pr-checks/checks/config-export.yml
@@ -12,7 +12,7 @@ steps:
      output: "${{ runner.temp }}/results"
      upload-database: false
  - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
      path: "${{ runner.temp }}/results/javascript.sarif"
--- a/pr-checks/checks/diagnostics-export.yml
+++ b/pr-checks/checks/diagnostics-export.yml
@@ -25,7 +25,7 @@ steps:
      output: "${{ runner.temp }}/results"
      upload-database: false
  - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
      path: "${{ runner.temp }}/results/javascript.sarif"
--- a/pr-checks/checks/export-file-baseline-information.yml
+++ b/pr-checks/checks/export-file-baseline-information.yml
@@ -19,7 +19,7 @@ steps:
    with:
      output: "${{ runner.temp }}/results"
  - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
      path: "${{ runner.temp }}/results/javascript.sarif"
--- a/pr-checks/checks/job-run-uuid-sarif.yml
+++ b/pr-checks/checks/job-run-uuid-sarif.yml
@@ -11,7 +11,7 @@ steps:
    with:
      output: "${{ runner.temp }}/results"
  - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v7
    with:
      name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
      path: "${{ runner.temp }}/results/javascript.sarif"
--- a/pr-checks/checks/local-bundle.yml
+++ b/pr-checks/checks/local-bundle.yml
@@ -2,7 +2,6 @@ name: "Local CodeQL bundle"
 description: "Tests using a CodeQL bundle from a local file rather than a URL"
 versions: ["linked"]
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  - name: Fetch latest CodeQL bundle
--- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml
+++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml
@@ -3,7 +3,6 @@ description: "Checks that specifying packages using a combination of a config fi
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
 installGo: true
 installNode: true
-installPython: true
 installDotNet: true
 steps:
  - uses: ./../action/init
--- a/pr-checks/checks/remote-config.yml
+++ b/pr-checks/checks/remote-config.yml
@@ -6,7 +6,6 @@ versions:
  - linked
  - nightly-latest
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  - uses: ./../action/init
--- a/pr-checks/checks/unset-environment.yml
+++ b/pr-checks/checks/unset-environment.yml
@@ -6,7 +6,6 @@ versions:
  - linked
  - nightly-latest
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  - uses: ./../action/init
--- a/pr-checks/checks/upload-ref-sha-input.yml
+++ b/pr-checks/checks/upload-ref-sha-input.yml
@@ -2,7 +2,6 @@ name: "Upload-sarif: 'ref' and 'sha' from inputs"
 description: "Checks that specifying 'ref' and 'sha' as inputs works"
 versions: ["default"]
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  - uses: ./../action/init
--- a/pr-checks/checks/upload-sarif.yml
+++ b/pr-checks/checks/upload-sarif.yml
@@ -3,7 +3,6 @@ description: "Checks that uploading SARIFs to the code quality endpoint works"
 versions: ["default"]
 analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  - uses: ./../action/init
--- a/pr-checks/checks/with-checkout-path.yml
+++ b/pr-checks/checks/with-checkout-path.yml
@@ -2,7 +2,6 @@ name: "Use a custom `checkout_path`"
 description: "Checks that a custom `checkout_path` will find the proper commit_oid"
 versions: ["linked"]
 installGo: true
-installPython: true
 installDotNet: true
 steps:
  # This ensures we don't accidentally use the original checkout for any part of the test.
--- a/src/config-utils.test.ts
+++ b/src/config-utils.test.ts
@@ -40,6 +40,8 @@ import {
  withTmpDir,
  BuildMode,
  DiskUsage,
+  Success,
+  Failure,
 } from "./util";
 import * as util from "./util";

@@ -942,55 +944,46 @@ for (const { displayName, language, feature } of [
    feature: Feature.DisableCsharpBuildless,
  },
 ]) {
-  test.serial(
-    `Build mode not overridden when disable ${displayName} buildless feature flag disabled`,
-    async (t) => {
-      const messages: LoggedMessage[] = [];
-      const buildMode = await configUtils.parseBuildModeInput(
-        "none",
-        [language],
-        createFeatures([]),
-        getRecordingLogger(messages),
-      );
-      t.is(buildMode, BuildMode.None);
-      t.deepEqual(messages, []);
-    },
-  );
+  test(`Build mode not overridden when disable ${displayName} buildless feature flag disabled`, async (t) => {
+    const messages: LoggedMessage[] = [];
+    const buildMode = await configUtils.parseBuildModeInput(
+      "none",
+      [language],
+      createFeatures([]),
+      getRecordingLogger(messages),
+    );
+    t.is(buildMode, BuildMode.None);
+    t.deepEqual(messages, []);
+  });

-  test.serial(
-    `Build mode not overridden for other languages when disable ${displayName} buildless feature flag enabled`,
-    async (t) => {
-      const messages: LoggedMessage[] = [];
-      const buildMode = await configUtils.parseBuildModeInput(
-        "none",
-        [KnownLanguage.python],
-        createFeatures([feature]),
-        getRecordingLogger(messages),
-      );
-      t.is(buildMode, BuildMode.None);
-      t.deepEqual(messages, []);
-    },
-  );
+  test(`Build mode not overridden for other languages when disable ${displayName} buildless feature flag enabled`, async (t) => {
+    const messages: LoggedMessage[] = [];
+    const buildMode = await configUtils.parseBuildModeInput(
+      "none",
+      [KnownLanguage.python],
+      createFeatures([feature]),
+      getRecordingLogger(messages),
+    );
+    t.is(buildMode, BuildMode.None);
+    t.deepEqual(messages, []);
+  });

-  test.serial(
-    `Build mode overridden when analyzing ${displayName} and disable ${displayName} buildless feature flag enabled`,
-    async (t) => {
-      const messages: LoggedMessage[] = [];
-      const buildMode = await configUtils.parseBuildModeInput(
-        "none",
-        [language],
-        createFeatures([feature]),
-        getRecordingLogger(messages),
-      );
-      t.is(buildMode, BuildMode.Autobuild);
-      t.deepEqual(messages, [
-        {
-          message: `Scanning ${displayName} code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.`,
-          type: "warning",
-        },
-      ]);
-    },
-  );
+  test(`Build mode overridden when analyzing ${displayName} and disable ${displayName} buildless feature flag enabled`, async (t) => {
+    const messages: LoggedMessage[] = [];
+    const buildMode = await configUtils.parseBuildModeInput(
+      "none",
+      [language],
+      createFeatures([feature]),
+      getRecordingLogger(messages),
+    );
+    t.is(buildMode, BuildMode.Autobuild);
+    t.deepEqual(messages, [
+      {
+        message: `Scanning ${displayName} code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.`,
+        type: "warning",
+      },
+    ]);
+  });
 }

 interface OverlayDatabaseModeTestSetup {
@@ -1033,16 +1026,19 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = {
  repositoryProperties: {},
 };

-const getOverlayDatabaseModeMacro = test.macro({
+const checkOverlayEnablementMacro = test.macro({
  exec: async (
    t: ExecutionContext,
    _title: string,
    setupOverrides: Partial<OverlayDatabaseModeTestSetup>,
-    expected: {
-      overlayDatabaseMode: OverlayDatabaseMode;
-      useOverlayDatabaseCaching: boolean;
-      disabledReason?: OverlayDisabledReason;
-    },
+    expected:
+      | {
+          overlayDatabaseMode: OverlayDatabaseMode;
+          useOverlayDatabaseCaching: boolean;
+        }
+      | {
+          disabledReason: OverlayDisabledReason;
+        },
  ) => {
    return await withTmpDir(async (tempDir) => {
      const messages: LoggedMessage[] = [];
@@ -1100,7 +1096,7 @@ const getOverlayDatabaseModeMacro = test.macro({
          .stub(gitUtils, "isAnalyzingDefaultBranch")
          .resolves(setup.isDefaultBranch);

-        const result = await configUtils.getOverlayDatabaseMode(
+        const result = await configUtils.checkOverlayEnablement(
          codeql,
          features,
          setup.languages,
@@ -1113,22 +1109,22 @@ const getOverlayDatabaseModeMacro = test.macro({
          logger,
        );

-        if (!("disabledReason" in expected)) {
-          expected.disabledReason = undefined;
+        if ("disabledReason" in expected) {
+          t.deepEqual(result, new Failure(expected.disabledReason));
+        } else {
+          t.deepEqual(result, new Success(expected));
        }
-
-        t.deepEqual(result, expected);
      } finally {
        // Restore the original environment
        process.env = originalEnv;
      }
    });
  },
-  title: (_, title) => `getOverlayDatabaseMode: ${title}`,
+  title: (_, title) => `checkOverlayEnablement: ${title}`,
 });

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Environment variable override - Overlay",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1140,7 +1136,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Environment variable override - OverlayBase",
  {
    overlayDatabaseEnvVar: "overlay-base",
@@ -1152,45 +1148,41 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Environment variable override - None",
  {
    overlayDatabaseEnvVar: "none",
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
+    disabledReason: OverlayDisabledReason.DisabledByEnvironmentVariable,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Ignore invalid environment variable",
  {
    overlayDatabaseEnvVar: "invalid-mode",
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Ignore feature flag when analyzing non-default branch",
  {
    languages: [KnownLanguage.javascript],
    features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript],
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
+    disabledReason: OverlayDisabledReason.NotPullRequestOrDefaultBranch,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch when feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1204,7 +1196,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch when feature enabled with custom analysis",
  {
    languages: [KnownLanguage.javascript],
@@ -1221,7 +1213,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch when code-scanning feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1238,7 +1230,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if runner disk space is too low",
  {
    languages: [KnownLanguage.javascript],
@@ -1253,14 +1245,12 @@ test.serial(
    },
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.InsufficientDiskSpace,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if we can't determine runner disk space",
  {
    languages: [KnownLanguage.javascript],
@@ -1272,14 +1262,12 @@ test.serial(
    diskUsage: undefined,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.UnableToDetermineDiskUsage,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if runner disk space is too low and skip resource checks flag is enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1301,7 +1289,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if runner disk space is below v2 limit and v2 resource checks enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1317,14 +1305,12 @@ test.serial(
    },
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.InsufficientDiskSpace,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1346,7 +1332,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks not enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1361,14 +1347,12 @@ test.serial(
    },
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.InsufficientDiskSpace,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if memory flag is too low",
  {
    languages: [KnownLanguage.javascript],
@@ -1380,14 +1364,12 @@ test.serial(
    memoryFlagValue: 3072,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.InsufficientMemory,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if memory flag is too low but CodeQL >= 2.24.3",
  {
    languages: [KnownLanguage.javascript],
@@ -1406,7 +1388,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if memory flag is too low and skip resource checks flag is enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1425,7 +1407,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when cached status indicates previous failure",
  {
    languages: [KnownLanguage.javascript],
@@ -1438,14 +1420,12 @@ test.serial(
    shouldSkipOverlayAnalysisDueToCachedStatus: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.SkippedDueToCachedStatus,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when cached status indicates previous failure",
  {
    languages: [KnownLanguage.javascript],
@@ -1458,14 +1438,12 @@ test.serial(
    shouldSkipOverlayAnalysisDueToCachedStatus: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.SkippedDueToCachedStatus,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries",
  {
    languages: [KnownLanguage.javascript],
@@ -1479,14 +1457,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with packs",
  {
    languages: [KnownLanguage.javascript],
@@ -1500,14 +1476,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with queries",
  {
    languages: [KnownLanguage.javascript],
@@ -1521,14 +1495,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with query-filters",
  {
    languages: [KnownLanguage.javascript],
@@ -1542,14 +1514,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when only language-specific feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1557,14 +1527,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when only code-scanning feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1572,14 +1540,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when language-specific feature disabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1587,14 +1553,12 @@ test.serial(
    isDefaultBranch: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.LanguageNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR when feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1608,7 +1572,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR when feature enabled with custom analysis",
  {
    languages: [KnownLanguage.javascript],
@@ -1625,7 +1589,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR when code-scanning feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1642,7 +1606,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR if runner disk space is too low",
  {
    languages: [KnownLanguage.javascript],
@@ -1657,14 +1621,12 @@ test.serial(
    },
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.InsufficientDiskSpace,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR if runner disk space is too low and skip resource checks flag is enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1686,7 +1648,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR if we can't determine runner disk space",
  {
    languages: [KnownLanguage.javascript],
@@ -1698,14 +1660,12 @@ test.serial(
    diskUsage: undefined,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.UnableToDetermineDiskUsage,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR if memory flag is too low",
  {
    languages: [KnownLanguage.javascript],
@@ -1717,14 +1677,12 @@ test.serial(
    memoryFlagValue: 3072,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.InsufficientResources,
+    disabledReason: OverlayDisabledReason.InsufficientMemory,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR if memory flag is too low but CodeQL >= 2.24.3",
  {
    languages: [KnownLanguage.javascript],
@@ -1743,7 +1701,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR if memory flag is too low and skip resource checks flag is enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1762,7 +1720,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries",
  {
    languages: [KnownLanguage.javascript],
@@ -1776,14 +1734,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with packs",
  {
    languages: [KnownLanguage.javascript],
@@ -1797,14 +1753,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with queries",
  {
    languages: [KnownLanguage.javascript],
@@ -1818,14 +1772,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with query-filters",
  {
    languages: [KnownLanguage.javascript],
@@ -1839,14 +1791,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.NonDefaultQueries,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when only language-specific feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1854,14 +1804,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when only code-scanning feature enabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1869,14 +1817,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when language-specific feature disabled",
  {
    languages: [KnownLanguage.javascript],
@@ -1884,14 +1830,12 @@ test.serial(
    isPullRequest: true,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+    disabledReason: OverlayDisabledReason.LanguageNotEnabled,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay PR analysis by env",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1903,7 +1847,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay PR analysis by env on a runner with low disk space",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1916,7 +1860,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay PR analysis by feature flag",
  {
    languages: [KnownLanguage.javascript],
@@ -1930,7 +1874,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Fallback due to autobuild with traced language",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1938,14 +1882,12 @@ test.serial(
    languages: [KnownLanguage.java],
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.IncompatibleBuildMode,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Fallback due to no build mode with traced language",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1953,70 +1895,60 @@ test.serial(
    languages: [KnownLanguage.java],
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.IncompatibleBuildMode,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Fallback due to old CodeQL version",
  {
    overlayDatabaseEnvVar: "overlay",
    codeqlVersion: "2.14.0",
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.IncompatibleCodeQl,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Fallback due to missing git root",
  {
    overlayDatabaseEnvVar: "overlay",
    gitRoot: undefined,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.NoGitRoot,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Fallback due to old git version",
  {
    overlayDatabaseEnvVar: "overlay",
    gitVersion: new GitVersionInfo("2.30.0", "2.30.0"), // Version below required 2.38.0
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.IncompatibleGit,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Fallback when git version cannot be determined",
  {
    overlayDatabaseEnvVar: "overlay",
    gitVersion: undefined,
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.IncompatibleGit,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "No overlay when disabled via repository property",
  {
    languages: [KnownLanguage.javascript],
@@ -2027,14 +1959,12 @@ test.serial(
    },
  },
  {
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
    disabledReason: OverlayDisabledReason.DisabledByRepositoryProperty,
  },
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Overlay not disabled when repository property is false",
  {
    languages: [KnownLanguage.javascript],
@@ -2051,7 +1981,7 @@ test.serial(
 );

 test.serial(
-  getOverlayDatabaseModeMacro,
+  checkOverlayEnablementMacro,
  "Environment variable override takes precedence over repository property",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -2068,7 +1998,7 @@ test.serial(
 // Exercise language-specific overlay analysis features code paths
 for (const language in KnownLanguage) {
  test.serial(
-    getOverlayDatabaseModeMacro,
+    checkOverlayEnablementMacro,
    `Check default overlay analysis feature for ${language}`,
    {
      languages: [language],
@@ -2076,9 +2006,7 @@ for (const language in KnownLanguage) {
      isPullRequest: true,
    },
    {
-      overlayDatabaseMode: OverlayDatabaseMode.None,
-      useOverlayDatabaseCaching: false,
-      disabledReason: OverlayDisabledReason.FeatureNotEnabled,
+      disabledReason: OverlayDisabledReason.LanguageNotEnabled,
    },
  );
 }
--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@@ -69,6 +69,9 @@ import {
  isInTestMode,
  joinAtMost,
  DiskUsage,
+  Result,
+  Success,
+  Failure,
 } from "./util";

 /**
@@ -653,14 +656,18 @@ const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES: Record<Language, Feature> = {
  swift: Feature.OverlayAnalysisCodeScanningSwift,
 };

-async function isOverlayAnalysisFeatureEnabled(
+/**
+ * Checks whether the overlay analysis feature is enabled for the given
+ * languages and configuration.
+ */
+async function checkOverlayAnalysisFeatureEnabled(
  features: FeatureEnablement,
  codeql: CodeQL,
  languages: Language[],
  codeScanningConfig: UserConfig,
-): Promise<boolean> {
+): Promise<Result<void, OverlayDisabledReason>> {
  if (!(await features.getValue(Feature.OverlayAnalysis, codeql))) {
-    return false;
+    return new Failure(OverlayDisabledReason.OverallFeatureNotEnabled);
  }
  let enableForCodeScanningOnly = false;
  for (const language of languages) {
@@ -677,39 +684,35 @@ async function isOverlayAnalysisFeatureEnabled(
      enableForCodeScanningOnly = true;
      continue;
    }
-    return false;
+    return new Failure(OverlayDisabledReason.LanguageNotEnabled);
  }
  if (enableForCodeScanningOnly) {
    // A code-scanning configuration runs only the (default) code-scanning suite
    // if the default queries are not disabled, and no packs, queries, or
    // query-filters are specified.
-    return (
+    const usesDefaultQueriesOnly =
      codeScanningConfig["disable-default-queries"] !== true &&
      codeScanningConfig.packs === undefined &&
      codeScanningConfig.queries === undefined &&
-      codeScanningConfig["query-filters"] === undefined
-    );
+      codeScanningConfig["query-filters"] === undefined;
+    if (!usesDefaultQueriesOnly) {
+      return new Failure(OverlayDisabledReason.NonDefaultQueries);
+    }
  }
-  return true;
+  return new Success(undefined);
 }

 /** Checks if the runner has enough disk space for overlay analysis. */
 function runnerHasSufficientDiskSpace(
-  diskUsage: DiskUsage | undefined,
+  diskUsage: DiskUsage,
  logger: Logger,
  useV2ResourceChecks: boolean,
 ): boolean {
  const minimumDiskSpaceBytes = useV2ResourceChecks
    ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES
    : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES;
-  if (
-    diskUsage === undefined ||
-    diskUsage.numAvailableBytes < minimumDiskSpaceBytes
-  ) {
-    const diskSpaceMb =
-      diskUsage === undefined
-        ? 0
-        : Math.round(diskUsage.numAvailableBytes / 1_000_000);
+  if (diskUsage.numAvailableBytes < minimumDiskSpaceBytes) {
+    const diskSpaceMb = Math.round(diskUsage.numAvailableBytes / 1_000_000);
    const minimumDiskSpaceMb = Math.round(minimumDiskSpaceBytes / 1_000_000);
    logger.info(
      `Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
@@ -754,23 +757,28 @@ async function runnerHasSufficientMemory(
 }

 /**
- * Checks if the runner supports overlay analysis based on available disk space
- * and the maximum memory CodeQL will be allowed to use.
+ * Checks if the runner has sufficient disk space and memory for overlay
+ * analysis.
 */
-async function runnerSupportsOverlayAnalysis(
+async function checkRunnerResources(
  codeql: CodeQL,
-  diskUsage: DiskUsage | undefined,
+  diskUsage: DiskUsage,
  ramInput: string | undefined,
  logger: Logger,
  useV2ResourceChecks: boolean,
-): Promise<boolean> {
+): Promise<Result<void, OverlayDisabledReason>> {
  if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) {
-    return false;
+    return new Failure(OverlayDisabledReason.InsufficientDiskSpace);
  }
  if (!(await runnerHasSufficientMemory(codeql, ramInput, logger))) {
-    return false;
+    return new Failure(OverlayDisabledReason.InsufficientMemory);
  }
-  return true;
+  return new Success(undefined);
+}
+
+interface EnabledOverlayConfig {
+  overlayDatabaseMode: Exclude<OverlayDatabaseMode, OverlayDatabaseMode.None>;
+  useOverlayDatabaseCaching: boolean;
 }

 /**
@@ -791,10 +799,11 @@ async function runnerSupportsOverlayAnalysis(
 * For `Overlay` and `OverlayBase`, the function performs further checks and
 * reverts to `None` if any check should fail.
 *
- * @returns An object containing the overlay database mode and whether the
- * action should perform overlay-base database caching.
+ * @returns A `Success` containing the overlay database mode and whether the
+ * action should perform overlay-base database caching, or a `Failure`
+ * containing the reason why overlay analysis is disabled.
 */
-export async function getOverlayDatabaseMode(
+export async function checkOverlayEnablement(
  codeql: CodeQL,
  features: FeatureEnablement,
  languages: Language[],
@@ -805,15 +814,7 @@ export async function getOverlayDatabaseMode(
  repositoryProperties: RepositoryProperties,
  gitVersion: GitVersionInfo | undefined,
  logger: Logger,
-): Promise<{
-  overlayDatabaseMode: OverlayDatabaseMode;
-  useOverlayDatabaseCaching: boolean;
-  disabledReason: OverlayDisabledReason | undefined;
-}> {
-  let overlayDatabaseMode = OverlayDatabaseMode.None;
-  let useOverlayDatabaseCaching = false;
-  let disabledReason: OverlayDisabledReason | undefined;
-
+): Promise<Result<EnabledOverlayConfig, OverlayDisabledReason>> {
  const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE;
  // Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and
  // treated as if the environment variable was not set.
@@ -822,101 +823,132 @@ export async function getOverlayDatabaseMode(
    modeEnv === OverlayDatabaseMode.OverlayBase ||
    modeEnv === OverlayDatabaseMode.None
  ) {
-    overlayDatabaseMode = modeEnv;
    logger.info(
-      `Setting overlay database mode to ${overlayDatabaseMode} ` +
+      `Setting overlay database mode to ${modeEnv} ` +
        "from the CODEQL_OVERLAY_DATABASE_MODE environment variable.",
    );
-  } else if (
-    repositoryProperties[RepositoryPropertyName.DISABLE_OVERLAY] === true
-  ) {
+    if (modeEnv === OverlayDatabaseMode.None) {
+      return new Failure(OverlayDisabledReason.DisabledByEnvironmentVariable);
+    }
+    return validateOverlayDatabaseMode(
+      modeEnv,
+      false,
+      codeql,
+      languages,
+      sourceRoot,
+      buildMode,
+      gitVersion,
+      logger,
+    );
+  }
+
+  if (repositoryProperties[RepositoryPropertyName.DISABLE_OVERLAY] === true) {
    logger.info(
      `Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
        `because the ${RepositoryPropertyName.DISABLE_OVERLAY} repository property is set to true.`,
    );
-    overlayDatabaseMode = OverlayDatabaseMode.None;
-    disabledReason = OverlayDisabledReason.DisabledByRepositoryProperty;
-  } else if (
-    await isOverlayAnalysisFeatureEnabled(
-      features,
-      codeql,
-      languages,
-      codeScanningConfig,
-    )
+    return new Failure(OverlayDisabledReason.DisabledByRepositoryProperty);
+  }
+
+  const featureResult = await checkOverlayAnalysisFeatureEnabled(
+    features,
+    codeql,
+    languages,
+    codeScanningConfig,
+  );
+  if (featureResult.isFailure()) {
+    return featureResult;
+  }
+
+  const performResourceChecks = !(await features.getValue(
+    Feature.OverlayAnalysisSkipResourceChecks,
+    codeql,
+  ));
+  const useV2ResourceChecks = await features.getValue(
+    Feature.OverlayAnalysisResourceChecksV2,
+  );
+  const checkOverlayStatus = await features.getValue(
+    Feature.OverlayAnalysisStatusCheck,
+  );
+  const needDiskUsage = performResourceChecks || checkOverlayStatus;
+  const diskUsage = needDiskUsage ? await checkDiskUsage(logger) : undefined;
+  if (needDiskUsage && diskUsage === undefined) {
+    logger.warning(
+      `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`,
+    );
+    return new Failure(OverlayDisabledReason.UnableToDetermineDiskUsage);
+  }
+  const resourceResult =
+    performResourceChecks && diskUsage !== undefined
+      ? await checkRunnerResources(
+          codeql,
+          diskUsage,
+          ramInput,
+          logger,
+          useV2ResourceChecks,
+        )
+      : new Success<void>(undefined);
+  if (resourceResult.isFailure()) {
+    return resourceResult;
+  }
+  if (
+    checkOverlayStatus &&
+    diskUsage !== undefined &&
+    (await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger))
  ) {
-    const performResourceChecks = !(await features.getValue(
-      Feature.OverlayAnalysisSkipResourceChecks,
-      codeql,
-    ));
-    const useV2ResourceChecks = await features.getValue(
-      Feature.OverlayAnalysisResourceChecksV2,
+    logger.info(
+      `Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
+        "because overlay analysis previously failed with this combination of languages, " +
+        "disk space, and CodeQL version.",
    );
-    const checkOverlayStatus = await features.getValue(
-      Feature.OverlayAnalysisStatusCheck,
+    return new Failure(OverlayDisabledReason.SkippedDueToCachedStatus);
+  }
+
+  let overlayDatabaseMode: OverlayDatabaseMode;
+  if (isAnalyzingPullRequest()) {
+    overlayDatabaseMode = OverlayDatabaseMode.Overlay;
+    logger.info(
+      `Setting overlay database mode to ${overlayDatabaseMode} ` +
+        "with caching because we are analyzing a pull request.",
+    );
+  } else if (await isAnalyzingDefaultBranch()) {
+    overlayDatabaseMode = OverlayDatabaseMode.OverlayBase;
+    logger.info(
+      `Setting overlay database mode to ${overlayDatabaseMode} ` +
+        "with caching because we are analyzing the default branch.",
    );
-    const diskUsage =
-      performResourceChecks || checkOverlayStatus
-        ? await checkDiskUsage(logger)
-        : undefined;
-    if (
-      performResourceChecks &&
-      !(await runnerSupportsOverlayAnalysis(
-        codeql,
-        diskUsage,
-        ramInput,
-        logger,
-        useV2ResourceChecks,
-      ))
-    ) {
-      overlayDatabaseMode = OverlayDatabaseMode.None;
-      disabledReason = OverlayDisabledReason.InsufficientResources;
-    } else if (checkOverlayStatus && diskUsage === undefined) {
-      logger.warning(
-        `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`,
-      );
-      overlayDatabaseMode = OverlayDatabaseMode.None;
-      disabledReason = OverlayDisabledReason.UnableToDetermineDiskUsage;
-    } else if (
-      checkOverlayStatus &&
-      diskUsage &&
-      (await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger))
-    ) {
-      logger.info(
-        `Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
-          "because overlay analysis previously failed with this combination of languages, " +
-          "disk space, and CodeQL version.",
-      );
-      overlayDatabaseMode = OverlayDatabaseMode.None;
-      disabledReason = OverlayDisabledReason.SkippedDueToCachedStatus;
-    } else if (isAnalyzingPullRequest()) {
-      overlayDatabaseMode = OverlayDatabaseMode.Overlay;
-      useOverlayDatabaseCaching = true;
-      logger.info(
-        `Setting overlay database mode to ${overlayDatabaseMode} ` +
-          "with caching because we are analyzing a pull request.",
-      );
-    } else if (await isAnalyzingDefaultBranch()) {
-      overlayDatabaseMode = OverlayDatabaseMode.OverlayBase;
-      useOverlayDatabaseCaching = true;
-      logger.info(
-        `Setting overlay database mode to ${overlayDatabaseMode} ` +
-          "with caching because we are analyzing the default branch.",
-      );
-    }
  } else {
-    disabledReason = OverlayDisabledReason.FeatureNotEnabled;
+    return new Failure(OverlayDisabledReason.NotPullRequestOrDefaultBranch);
  }

-  const disabledResult = (reason: OverlayDisabledReason | undefined) => ({
-    overlayDatabaseMode: OverlayDatabaseMode.None,
-    useOverlayDatabaseCaching: false,
-    disabledReason: reason,
-  });
-
-  if (overlayDatabaseMode === OverlayDatabaseMode.None) {
-    return disabledResult(disabledReason);
-  }
+  return validateOverlayDatabaseMode(
+    overlayDatabaseMode,
+    true,
+    codeql,
+    languages,
+    sourceRoot,
+    buildMode,
+    gitVersion,
+    logger,
+  );
+}

+/**
+ * Validates that the given overlay database mode is compatible with the current
+ * configuration (build mode, CodeQL version, git repository, git version). Returns
+ * the mode unchanged if all checks pass, or falls back to `None` with the
+ * appropriate disabled reason.
+ */
+async function validateOverlayDatabaseMode(
+  overlayDatabaseMode: Exclude<OverlayDatabaseMode, OverlayDatabaseMode.None>,
+  useOverlayDatabaseCaching: boolean,
+  codeql: CodeQL,
+  languages: Language[],
+  sourceRoot: string,
+  buildMode: BuildMode | undefined,
+  gitVersion: GitVersionInfo | undefined,
+  logger: Logger,
+): Promise<Result<EnabledOverlayConfig, OverlayDisabledReason>> {
  if (
    buildMode !== BuildMode.None &&
    (
@@ -937,7 +969,7 @@ export async function getOverlayDatabaseMode(
        `build-mode is set to "${buildMode}" instead of "none". ` +
        "Falling back to creating a normal full database instead.",
    );
-    return disabledResult(OverlayDisabledReason.IncompatibleBuildMode);
+    return new Failure(OverlayDisabledReason.IncompatibleBuildMode);
  }
  if (!(await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION))) {
    logger.warning(
@@ -945,7 +977,7 @@ export async function getOverlayDatabaseMode(
        `the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. ` +
        "Falling back to creating a normal full database instead.",
    );
-    return disabledResult(OverlayDisabledReason.IncompatibleCodeQl);
+    return new Failure(OverlayDisabledReason.IncompatibleCodeQl);
  }
  if ((await getGitRoot(sourceRoot)) === undefined) {
    logger.warning(
@@ -953,7 +985,7 @@ export async function getOverlayDatabaseMode(
        `the source root "${sourceRoot}" is not inside a git repository. ` +
        "Falling back to creating a normal full database instead.",
    );
-    return disabledResult(OverlayDisabledReason.NoGitRoot);
+    return new Failure(OverlayDisabledReason.NoGitRoot);
  }
  if (gitVersion === undefined) {
    logger.warning(
@@ -961,7 +993,7 @@ export async function getOverlayDatabaseMode(
        "the Git version could not be determined. " +
        "Falling back to creating a normal full database instead.",
    );
-    return disabledResult(OverlayDisabledReason.IncompatibleGit);
+    return new Failure(OverlayDisabledReason.IncompatibleGit);
  }
  if (!gitVersion.isAtLeast(GIT_MINIMUM_VERSION_FOR_OVERLAY)) {
    logger.warning(
@@ -969,14 +1001,13 @@ export async function getOverlayDatabaseMode(
        `the installed Git version is older than ${GIT_MINIMUM_VERSION_FOR_OVERLAY}. ` +
        "Falling back to creating a normal full database instead.",
    );
-    return disabledResult(OverlayDisabledReason.IncompatibleGit);
+    return new Failure(OverlayDisabledReason.IncompatibleGit);
  }

-  return {
+  return new Success({
    overlayDatabaseMode,
    useOverlayDatabaseCaching,
-    disabledReason,
-  };
+  });
 }

 function dbLocationOrDefault(
@@ -1122,11 +1153,7 @@ export async function initConfig(
  // and queries, which in turn depends on the user config and the augmentation
  // properties. So we need to calculate the overlay database mode after the
  // rest of the config has been populated.
-  const {
-    overlayDatabaseMode,
-    useOverlayDatabaseCaching,
-    disabledReason: overlayDisabledReason,
-  } = await getOverlayDatabaseMode(
+  const overlayDatabaseModeResult = await checkOverlayEnablement(
    inputs.codeql,
    inputs.features,
    config.languages,
@@ -1138,14 +1165,22 @@ export async function initConfig(
    gitVersion,
    logger,
  );
-  logger.info(
-    `Using overlay database mode: ${overlayDatabaseMode} ` +
-      `${useOverlayDatabaseCaching ? "with" : "without"} caching.`,
-  );
-  config.overlayDatabaseMode = overlayDatabaseMode;
-  config.useOverlayDatabaseCaching = useOverlayDatabaseCaching;
-
-  if (overlayDisabledReason !== undefined) {
+  if (overlayDatabaseModeResult.isSuccess()) {
+    const { overlayDatabaseMode, useOverlayDatabaseCaching } =
+      overlayDatabaseModeResult.value;
+    logger.info(
+      `Using overlay database mode: ${overlayDatabaseMode} ` +
+        `${useOverlayDatabaseCaching ? "with" : "without"} caching.`,
+    );
+    config.overlayDatabaseMode = overlayDatabaseMode;
+    config.useOverlayDatabaseCaching = useOverlayDatabaseCaching;
+  } else {
+    const overlayDisabledReason = overlayDatabaseModeResult.value;
+    logger.info(
+      `Using overlay database mode: ${OverlayDatabaseMode.None} without caching.`,
+    );
+    config.overlayDatabaseMode = OverlayDatabaseMode.None;
+    config.useOverlayDatabaseCaching = false;
    await addOverlayDisablementDiagnostics(
      config,
      inputs.codeql,
@@ -1154,7 +1189,7 @@ export async function initConfig(
  }

  if (
-    overlayDatabaseMode === OverlayDatabaseMode.Overlay ||
+    config.overlayDatabaseMode === OverlayDatabaseMode.Overlay ||
    (await shouldPerformDiffInformedAnalysis(
      inputs.codeql,
      inputs.features,
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.24.2",
-  "cliVersion": "2.24.2",
-  "priorBundleVersion": "codeql-bundle-v2.24.1",
-  "priorCliVersion": "2.24.1"
+  "bundleVersion": "codeql-bundle-v2.24.3",
+  "cliVersion": "2.24.3",
+  "priorBundleVersion": "codeql-bundle-v2.24.2",
+  "priorCliVersion": "2.24.2"
 }
--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@@ -87,7 +87,6 @@ export enum Feature {
  StartProxyRemoveUnusedRegistries = "start_proxy_remove_unused_registries",
  StartProxyUseFeaturesRelease = "start_proxy_use_features_release",
  UploadOverlayDbToApi = "upload_overlay_db_to_api",
-  UseRepositoryProperties = "use_repository_properties_v2",
  ValidateDbConfig = "validate_db_config",
 }

@@ -352,11 +351,6 @@ export const featureConfig = {
    minimumVersion: undefined,
    toolsFeature: ToolsFeature.BundleSupportsOverlay,
  },
-  [Feature.UseRepositoryProperties]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: undefined,
-  },
  [Feature.ValidateDbConfig]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
--- a/src/feature-flags/properties.test.ts
+++ b/src/feature-flags/properties.test.ts
@@ -5,7 +5,6 @@ import * as api from "../api-client";
 import { getRunnerLogger } from "../logging";
 import { parseRepositoryNwo } from "../repository";
 import { setupTests } from "../testing-utils";
-import * as util from "../util";

 import * as properties from "./properties";

@@ -23,13 +22,7 @@ test.serial(
    const logger = getRunnerLogger(true);
    const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
    await t.throwsAsync(
-      properties.loadPropertiesFromApi(
-        {
-          type: util.GitHubVariant.DOTCOM,
-        },
-        logger,
-        mockRepositoryNwo,
-      ),
+      properties.loadPropertiesFromApi(logger, mockRepositoryNwo),
      {
        message: /Expected repository properties API to return an array/,
      },
@@ -38,7 +31,7 @@ test.serial(
 );

 test.serial(
-  "loadPropertiesFromApi throws if response data contains unexpected objects",
+  "loadPropertiesFromApi throws if response data contains objects without `property_name`",
  async (t) => {
    sinon.stub(api, "getRepositoryProperties").resolves({
      headers: {},
@@ -49,13 +42,7 @@ test.serial(
    const logger = getRunnerLogger(true);
    const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
    await t.throwsAsync(
-      properties.loadPropertiesFromApi(
-        {
-          type: util.GitHubVariant.DOTCOM,
-        },
-        logger,
-        mockRepositoryNwo,
-      ),
+      properties.loadPropertiesFromApi(logger, mockRepositoryNwo),
      {
        message:
          /Expected repository property object to have a 'property_name'/,
@@ -65,28 +52,22 @@ test.serial(
 );

 test.serial(
-  "loadPropertiesFromApi returns empty object if on GHES",
+  "loadPropertiesFromApi does not throw for unexpected value types of unknown properties",
  async (t) => {
    sinon.stub(api, "getRepositoryProperties").resolves({
      headers: {},
      status: 200,
      url: "",
      data: [
-        { property_name: "github-codeql-extra-queries", value: "+queries" },
-        { property_name: "unknown-property", value: "something" },
-      ] satisfies properties.GitHubPropertiesResponse,
+        { property_name: "not-used-by-us", value: { foo: "bar" } },
+        { property_name: "also-not-used-by-us", value: ["A", "B", "C"] },
+      ],
    });
    const logger = getRunnerLogger(true);
    const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
-    const response = await properties.loadPropertiesFromApi(
-      {
-        type: util.GitHubVariant.GHES,
-        version: "",
-      },
-      logger,
-      mockRepositoryNwo,
+    await t.notThrowsAsync(
+      properties.loadPropertiesFromApi(logger, mockRepositoryNwo),
    );
-    t.deepEqual(response, {});
  },
 );

@@ -103,9 +84,6 @@ test.serial("loadPropertiesFromApi loads known properties", async (t) => {
  const logger = getRunnerLogger(true);
  const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
  const response = await properties.loadPropertiesFromApi(
-    {
-      type: util.GitHubVariant.DOTCOM,
-    },
    logger,
    mockRepositoryNwo,
  );
@@ -129,9 +107,6 @@ test.serial("loadPropertiesFromApi parses true boolean property", async (t) => {
  const warningSpy = sinon.spy(logger, "warning");
  const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
  const response = await properties.loadPropertiesFromApi(
-    {
-      type: util.GitHubVariant.DOTCOM,
-    },
    logger,
    mockRepositoryNwo,
  );
@@ -160,9 +135,6 @@ test.serial(
    const warningSpy = sinon.spy(logger, "warning");
    const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
    const response = await properties.loadPropertiesFromApi(
-      {
-        type: util.GitHubVariant.DOTCOM,
-      },
      logger,
      mockRepositoryNwo,
    );
@@ -174,7 +146,7 @@ test.serial(
 );

 test.serial(
-  "loadPropertiesFromApi throws if property value is not a string",
+  "loadPropertiesFromApi throws if known property value is not a string",
  async (t) => {
    sinon.stub(api, "getRepositoryProperties").resolves({
      headers: {},
@@ -185,16 +157,10 @@ test.serial(
    const logger = getRunnerLogger(true);
    const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
    await t.throwsAsync(
-      properties.loadPropertiesFromApi(
-        {
-          type: util.GitHubVariant.DOTCOM,
-        },
-        logger,
-        mockRepositoryNwo,
-      ),
+      properties.loadPropertiesFromApi(logger, mockRepositoryNwo),
      {
        message:
-          /Expected repository property 'github-codeql-extra-queries' to have a string value/,
+          /Unexpected value for repository property 'github-codeql-extra-queries' \(number\), got: 123/,
      },
    );
  },
@@ -218,9 +184,6 @@ test.serial(
    const warningSpy = sinon.spy(logger, "warning");
    const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
    const response = await properties.loadPropertiesFromApi(
-      {
-        type: util.GitHubVariant.DOTCOM,
-      },
      logger,
      mockRepositoryNwo,
    );
--- a/src/feature-flags/properties.ts
+++ b/src/feature-flags/properties.ts
@@ -1,7 +1,6 @@
 import { getRepositoryProperties } from "../api-client";
 import { Logger } from "../logging";
 import { RepositoryNwo } from "../repository";
-import { GitHubVariant, GitHubVersion } from "../util";

 /**
 * Enumerates repository property names that have some meaning to us.
@@ -12,7 +11,7 @@ export enum RepositoryPropertyName {
 }

 /** Parsed types of the known repository properties. */
-type AllRepositoryProperties = {
+export type AllRepositoryProperties = {
  [RepositoryPropertyName.DISABLE_OVERLAY]: boolean;
  [RepositoryPropertyName.EXTRA_QUERIES]: string;
 };
@@ -20,16 +19,56 @@ type AllRepositoryProperties = {
 /** Parsed repository properties. */
 export type RepositoryProperties = Partial<AllRepositoryProperties>;

+/** Maps known repository properties to the type we expect to get from the API. */
+export type RepositoryPropertyApiType = {
+  [RepositoryPropertyName.DISABLE_OVERLAY]: string;
+  [RepositoryPropertyName.EXTRA_QUERIES]: string;
+};
+
+/** The type of functions which take the `value` from the API and try to convert it to the type we want. */
+export type PropertyParser<K extends RepositoryPropertyName> = (
+  name: K,
+  value: RepositoryPropertyApiType[K],
+  logger: Logger,
+) => AllRepositoryProperties[K];
+
+/** Possible types of `value`s we get from the API. */
+export type RepositoryPropertyValue = string | string[];
+
+/** The type of repository property configurations. */
+export type PropertyInfo<K extends RepositoryPropertyName> = {
+  /** A validator which checks that the value received from the API is what we expect. */
+  validate: (
+    value: RepositoryPropertyValue,
+  ) => value is RepositoryPropertyApiType[K];
+  /** A `PropertyParser` for the property. */
+  parse: PropertyParser<K>;
+};
+
+/** Determines whether a value from the API is a string or not. */
+function isString(value: RepositoryPropertyValue): value is string {
+  return typeof value === "string";
+}
+
+/** A repository property that we expect to contain a string value. */
+const stringProperty = {
+  validate: isString,
+  parse: parseStringRepositoryProperty,
+};
+
+/** A repository property that we expect to contain a boolean value. */
+const booleanProperty = {
+  // The value from the API should come as a string, which we then parse into a boolean.
+  validate: isString,
+  parse: parseBooleanRepositoryProperty,
+};
+
 /** Parsers that transform repository properties from the API response into typed values. */
 const repositoryPropertyParsers: {
-  [K in RepositoryPropertyName]: (
-    name: K,
-    value: string,
-    logger: Logger,
-  ) => AllRepositoryProperties[K];
+  [K in RepositoryPropertyName]: PropertyInfo<K>;
 } = {
-  [RepositoryPropertyName.DISABLE_OVERLAY]: parseBooleanRepositoryProperty,
-  [RepositoryPropertyName.EXTRA_QUERIES]: parseStringRepositoryProperty,
+  [RepositoryPropertyName.DISABLE_OVERLAY]: booleanProperty,
+  [RepositoryPropertyName.EXTRA_QUERIES]: stringProperty,
 };

 /**
@@ -37,7 +76,7 @@ const repositoryPropertyParsers: {
 */
 export interface GitHubRepositoryProperty {
  property_name: string;
-  value: string;
+  value: RepositoryPropertyValue;
 }

 /**
@@ -53,16 +92,9 @@ export type GitHubPropertiesResponse = GitHubRepositoryProperty[];
 * @returns Returns a partial mapping from `RepositoryPropertyName` to values.
 */
 export async function loadPropertiesFromApi(
-  gitHubVersion: GitHubVersion,
  logger: Logger,
  repositoryNwo: RepositoryNwo,
 ): Promise<RepositoryProperties> {
-  // TODO: To be safe for now; later we should replace this with a version check once we know
-  // which version of GHES we expect this to be supported by.
-  if (gitHubVersion.type === GitHubVariant.GHES) {
-    return {};
-  }
-
  try {
    const response = await getRepositoryProperties(repositoryNwo);
    const remoteProperties = response.data as GitHubPropertiesResponse;
@@ -85,12 +117,6 @@ export async function loadPropertiesFromApi(
        );
      }

-      if (typeof property.value !== "string") {
-        throw new Error(
-          `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}`,
-        );
-      }
-
      if (isKnownPropertyName(property.property_name)) {
        setProperty(properties, property.property_name, property.value, logger);
      }
@@ -117,14 +143,30 @@ export async function loadPropertiesFromApi(
  }
 }

-/** Update the partial set of repository properties with the parsed value of the specified property. */
+/**
+ * Validate that `value` has the correct type for `K` and, if so, update the partial set of repository
+ * properties with the parsed value of the specified property.
+ */
 function setProperty<K extends RepositoryPropertyName>(
  properties: RepositoryProperties,
  name: K,
-  value: string,
+  value: RepositoryPropertyValue,
  logger: Logger,
 ): void {
-  properties[name] = repositoryPropertyParsers[name](name, value, logger);
+  const propertyOptions = repositoryPropertyParsers[name];
+
+  // We perform the validation here for two reasons:
+  // 1. This function is only called if `name` is a property we care about, to avoid throwing
+  //    on unrelated properties that may use representations we do not support.
+  // 2. The `propertyOptions.validate` function checks that the type of `value` we received from
+  //    the API is what expect and narrows the type accordingly, allowing us to call `parse`.
+  if (propertyOptions.validate(value)) {
+    properties[name] = propertyOptions.parse(name, value, logger);
+  } else {
+    throw new Error(
+      `Unexpected value for repository property '${name}' (${typeof value}), got: ${JSON.stringify(value)}`,
+    );
+  }
 }

 /** Parse a boolean repository property. */
--- a/src/init-action.ts
+++ b/src/init-action.ts
@@ -93,7 +93,6 @@ import {
  checkActionVersion,
  getErrorMessage,
  BuildMode,
-  GitHubVersion,
  Result,
  getOptionalEnvVar,
  Success,
@@ -250,8 +249,6 @@ async function run(startedAt: Date) {
    // Fetch the values of known repository properties that affect us.
    const repositoryPropertiesResult = await loadRepositoryProperties(
      repositoryNwo,
-      gitHubVersion,
-      features,
      logger,
    );

@@ -820,8 +817,6 @@ async function run(startedAt: Date) {
 */
 async function loadRepositoryProperties(
  repositoryNwo: RepositoryNwo,
-  gitHubVersion: GitHubVersion,
-  features: FeatureEnablement,
  logger: Logger,
 ): Promise<Result<RepositoryProperties, unknown>> {
  // See if we can skip loading repository properties early. In particular,
@@ -839,17 +834,8 @@ async function loadRepositoryProperties(
    return new Success({});
  }

-  if (!(await features.getValue(Feature.UseRepositoryProperties))) {
-    logger.debug(
-      "Skipping loading repository properties because the UseRepositoryProperties feature flag is disabled.",
-    );
-    return new Success({});
-  }
-
  try {
-    return new Success(
-      await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo),
-    );
+    return new Success(await loadPropertiesFromApi(logger, repositoryNwo));
  } catch (error) {
    logger.warning(
      `Failed to load repository properties: ${getErrorMessage(error)}`,
--- a/src/overlay/diagnostics.ts
+++ b/src/overlay/diagnostics.ts
@@ -10,20 +10,35 @@ import { RepositoryPropertyName } from "../feature-flags/properties";

 /** Reason why overlay analysis was disabled. */
 export enum OverlayDisabledReason {
+  /** Overlay analysis was disabled by the CODEQL_OVERLAY_DATABASE_MODE environment variable being set to "none". */
+  DisabledByEnvironmentVariable = "disabled-by-environment-variable",
  /** Overlay analysis was disabled by a repository property. */
  DisabledByRepositoryProperty = "disabled-by-repository-property",
-  /** Overlay analysis feature was not enabled. */
-  FeatureNotEnabled = "feature-not-enabled",
  /** The build mode is incompatible with overlay analysis. */
  IncompatibleBuildMode = "incompatible-build-mode",
  /** The CodeQL CLI version is too old to support overlay analysis. */
  IncompatibleCodeQl = "incompatible-codeql",
  /** The Git version could not be determined or is too old. */
  IncompatibleGit = "incompatible-git",
-  /** The runner does not have enough disk space or memory. */
-  InsufficientResources = "insufficient-resources",
+  /** The runner does not have enough disk space to perform overlay analysis. */
+  InsufficientDiskSpace = "insufficient-disk-space",
+  /** The runner does not have enough memory to perform overlay analysis. */
+  InsufficientMemory = "insufficient-memory",
+  /** Overlay analysis is not enabled for one or more of the configured languages. */
+  LanguageNotEnabled = "language-not-enabled",
  /** The source root is not inside a git repository. */
  NoGitRoot = "no-git-root",
+  /**
+   * For one or more of the configured languages, overlay analysis is only
+   * enabled when using the default query suite, but the config customises the
+   * queries by disabling default queries, specifying custom queries or packs,
+   * or adding query filters.
+   */
+  NonDefaultQueries = "non-default-queries",
+  /** We are not analyzing a pull request or the default branch. */
+  NotPullRequestOrDefaultBranch = "not-pull-request-or-default-branch",
+  /** The top-level overlay analysis feature flag is not enabled. */
+  OverallFeatureNotEnabled = "overall-feature-not-enabled",
  /** Overlay analysis was skipped because it previously failed with similar hardware resources. */
  SkippedDueToCachedStatus = "skipped-due-to-cached-status",
  /** Disk usage could not be determined during the overlay status check. */