Merge remote-tracking branch 'origin/main' into mbg/upload-lib/post-process

lib/init-action-post.js

@@ -129673,7 +129673,7 @@ var GitHubFeatureFlags = class {
         remoteFlags = { ...remoteFlags, ...chunkFlags };
       }
       this.logger.debug(
-        "Loaded the following default values for the feature flags from the Code Scanning API:"
+        "Loaded the following default values for the feature flags from the CodeQL Action API:"
       );
       for (const [feature, value] of Object.entries(remoteFlags).sort(
         ([nameA], [nameB]) => nameA.localeCompare(nameB)
@@ -129686,7 +129686,7 @@ var GitHubFeatureFlags = class {
       const httpError = asHTTPError(e);
       if (httpError?.status === 403) {
         this.logger.warning(
-          `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${httpError.message}`
+          `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
         );
         this.hasAccessedRemoteFeatureFlags = false;
         return {};
@@ -131736,8 +131736,8 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
     return void 0;
   }
 }
-var OUT_OF_DATE_MSG = "CodeQL Action is out-of-date. Please upgrade to the latest version of codeql-action.";
-var INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code scanning endpoint. Please update to a compatible version of codeql-action.";
+var OUT_OF_DATE_MSG = "CodeQL Action is out-of-date. Please upgrade to the latest version of `codeql-action`.";
+var INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the API endpoint. Please update to a compatible version of `codeql-action`.";
 async function sendStatusReport(statusReport) {
   setJobStatusIfUnsuccessful(statusReport.status);
   const statusReportJSON = JSON.stringify(statusReport);
@@ -131764,10 +131764,12 @@ async function sendStatusReport(statusReport) {
         case 403:
           if (getWorkflowEventName() === "push" && process.env["GITHUB_ACTOR"] === "dependabot[bot]") {
             core13.warning(
-              `Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See ${"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push" /* SCANNING_ON_PUSH */} for more information on how to configure these events.`
+              `Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading CodeQL results requires write access. To use CodeQL with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See ${"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push" /* SCANNING_ON_PUSH */} for more information on how to configure these events.`
             );
           } else {
-            core13.warning(httpError.message);
+            core13.warning(
+              `This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: ${httpError.message}`
+            );
           }
           return;
         case 404:
@@ -131783,7 +131785,7 @@ async function sendStatusReport(statusReport) {
       }
     }
     core13.warning(
-      `An unexpected error occurred when sending code scanning status report: ${getErrorMessage(
+      `An unexpected error occurred when sending a status report: ${getErrorMessage(
         e
       )}`
     );