Bump Go to 1.25-rc.1

Fail `build.sh` if any command in it fails

.github/actions/prepare-test/action.yml

@@ -29,24 +29,27 @@ runs:
     - id: get-url
       name: Determine URL
       shell: bash
+      env:
+        VERSION: ${{ inputs.version }}
+        USE_ALL_PLATFORM_BUNDLE: ${{ inputs.use-all-platform-bundle }}
       run: |
         set -e # Fail this Action if `gh release list` fails.
 
-        if [[ ${{ inputs.version }} == "linked" ]]; then
+        if [[ "$VERSION" == "linked" ]]; then
           echo "tools-url=linked" >> "$GITHUB_OUTPUT"
           exit 0
-        elif [[ ${{ inputs.version }} == "default" ]]; then
+        elif [[ "$VERSION" == "default" ]]; then
           echo "tools-url=" >> "$GITHUB_OUTPUT"
           exit 0
         fi
 
-        if [[ ${{ inputs.version }} == "nightly-latest" && "$RUNNER_OS" != "Windows" ]]; then
+        if [[ "$VERSION" == "nightly-latest" && "$RUNNER_OS" != "Windows" ]]; then
           extension="tar.zst"
         else
           extension="tar.gz"
         fi
 
-        if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then
+        if [[ "$USE_ALL_PLATFORM_BUNDLE" == "true" ]]; then
           artifact_name="codeql-bundle.$extension"
         elif [[ "$RUNNER_OS" == "Linux" ]]; then
           artifact_name="codeql-bundle-linux64.$extension"
@@ -59,14 +62,14 @@ runs:
           exit 1
         fi
 
-        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
+        if [[ "$VERSION" == "nightly-latest" ]]; then
           tag=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
           echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT
-        elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
-          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
+        elif [[ "$VERSION" == *"nightly"* ]]; then
+          version=`echo "$VERSION" | sed -e 's/^.*\-//'`
           echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
-        elif [[ ${{ inputs.version }} == *"stable"* ]]; then
-          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
+        elif [[ "$VERSION" == *"stable"* ]]; then
+          version=`echo "$VERSION" | sed -e 's/^.*\-//'`
           echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
         else
           echo "::error::Unrecognized version specified!"

.github/actions/release-branches/action.yml

@@ -18,8 +18,11 @@ runs:
   using: "composite"
   steps:
     - id: branches
+      env:
+        MAJOR_VERSION: ${{ inputs.major_version }}
+        LATEST_TAG: ${{ inputs.latest_tag }}
       run: |
         python ${{ github.action_path }}/release-branches.py \
-            --major-version ${{ inputs.major_version }} \
-            --latest-tag ${{ inputs.latest_tag }}
+            --major-version "$MAJOR_VERSION" \
+            --latest-tag "$LATEST_TAG"
       shell: bash

.github/dependabot.yml

@@ -2,8 +2,6 @@ version: 2
 updates:
   - package-ecosystem: npm
     directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     labels:
@@ -26,8 +24,6 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:
@@ -36,8 +32,6 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:

.github/workflows/__all-platform-bundle.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'true'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - id: init
         uses: ./../action/init
         with:

.github/workflows/__analyze-ref-input.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__build-mode-manual.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -27,6 +27,8 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: macos-latest
+            version: linked
           - os: macos-latest
             version: nightly-latest
     name: 'C/C++: autoinstalling dependencies is skipped (macOS)'

.github/workflows/__export-file-baseline-information.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__go-custom-queries.yml

@@ -47,9 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
-          go-version: '>=1.21.0'
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
-          go-version: '>=1.21.0'
+          go-version: 1.25.0-rc.1
+          cache: false
       - name: Remove `file` program
         run: |
           echo $(which file)

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
-          go-version: '>=1.21.0'
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-tracing-autobuilder.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: 1.25.0-rc.1
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: 1.25.0-rc.1
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: 1.25.0-rc.1
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__multi-language-autodetect.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.15.5
           - os: macos-latest
             version: stable-v2.16.6
           - os: ubuntu-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: ubuntu-latest
             version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.20.7
           - os: macos-latest
             version: default
           - os: ubuntu-latest
@@ -75,10 +75,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
-
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging.yml

.github/workflows/__packaging-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging2.yml

.github/workflows/__quality-queries.yml

@@ -0,0 +1,100 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Quality queries input
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  quality-queries:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
+    name: Quality queries input
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          quality-queries: code-quality
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check config properties appear in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
+
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+            const configSummary = run.properties.codeqlConfigSummary;
+
+            if (configSummary === undefined) {
+              core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
+            }
+            if (configSummary.disableDefaultQueries !== false) {
+              core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+                `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
+            }
+            const expectedQueries = [{ type: 'builtinSuite', uses: 'code-quality' }];
+            // Use JSON.stringify to deep-equal the arrays.
+            if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
+              core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+                `${JSON.stringify(configSummary.queries)}.`);
+            }
+            core.info('Finished config export tests.');
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__remote-config.yml

@@ -47,6 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__rubocop-multi-language.yml

@@ -46,7 +46,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f # v1.227.0
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/__split-workflow.yml

@@ -55,6 +55,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__swift-custom-build.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__test-local-codeql.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - name: Fetch a CodeQL bundle
         shell: bash
         env:

.github/workflows/__unset-environment.yml

@@ -47,6 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         id: init
         with:
@@ -54,9 +59,6 @@ jobs:
       # Swift is not supported on Ubuntu so we manually exclude it from the list here
           languages: cpp,csharp,go,java,javascript,python,ruby
           tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '>=1.21.0'
       - name: Build code
         shell: bash
         run: env -i PATH="$PATH" HOME="$HOME" ./build.sh

.github/workflows/__upload-ref-sha-input.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__with-checkout-path.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.25.0-rc.1
+          cache: false
       - name: Delete original checkout
         shell: bash
         run: |

.github/workflows/codeql.yml

@@ -75,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-13,macos-14]
+        os: [ubuntu-22.04,ubuntu-24.04,windows-2022,windows-2025,macos-13,macos-14,macos-15]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
     runs-on: ${{ matrix.os }}
 

.github/workflows/codescanning-config-cli.yml

@@ -3,6 +3,9 @@
 name: Code-Scanning config CLI tests
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # Diff informed queries add an additional query filter which is not yet
+  # taken into account by these tests.
+  CODEQL_ACTION_DIFF_INFORMED_QUERIES: false
 
 on:
   push:

.github/workflows/post-release-mergeback.yml

@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@v1.11.7
+        uses: actions/create-github-app-token@v2.0.6
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-release-branch.yml

@@ -124,7 +124,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v1.11.7
+      uses: actions/create-github-app-token@v2.0.6
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}

CHANGELOG.md

@@ -4,7 +4,42 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#2938](https://github.com/github/codeql-action/pull/2938)
+
+## 3.29.0 - 11 Jun 2025
+
+- Update default CodeQL bundle version to 2.22.0. [#2925](https://github.com/github/codeql-action/pull/2925)
+- Bump minimum CodeQL bundle version to 2.16.6. [#2912](https://github.com/github/codeql-action/pull/2912)
+
+## 3.28.19 - 03 Jun 2025
+
+- The CodeQL Action no longer includes its own copy of the extractor for the `actions` language, which is currently in public preview.
+  The `actions` extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the `actions` language _and_ you have pinned
+  your `tools:` property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
+  `actions` analysis.
+- Update default CodeQL bundle version to 2.21.4. [#2910](https://github.com/github/codeql-action/pull/2910)
+
+## 3.28.18 - 16 May 2025
+
+- Update default CodeQL bundle version to 2.21.3. [#2893](https://github.com/github/codeql-action/pull/2893)
+- Skip validating SARIF produced by CodeQL for improved performance. [#2894](https://github.com/github/codeql-action/pull/2894)
+- The number of threads and amount of RAM used by CodeQL can now be set via the `CODEQL_THREADS` and `CODEQL_RAM` runner environment variables. If set, these environment variables override the `threads` and `ram` inputs respectively. [#2891](https://github.com/github/codeql-action/pull/2891)
+
+## 3.28.17 - 02 May 2025
+
+- Update default CodeQL bundle version to 2.21.2. [#2872](https://github.com/github/codeql-action/pull/2872)
+
+## 3.28.16 - 23 Apr 2025
+
+- Update default CodeQL bundle version to 2.21.1. [#2863](https://github.com/github/codeql-action/pull/2863)
+
+## 3.28.15 - 07 Apr 2025
+
+- Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. [#2842](https://github.com/github/codeql-action/pull/2842)
+
+## 3.28.14 - 07 Apr 2025
+
+- Update default CodeQL bundle version to 2.21.0. [#2838](https://github.com/github/codeql-action/pull/2838)
 
 ## 3.28.13 - 24 Mar 2025
 

README.md

@@ -55,7 +55,7 @@ For compiled languages:
 
 - `manual` build mode will typically produce the most precise results, but it is more difficult to set up and will cause the analysis to take slightly more time to run.
 - `autobuild` build mode is simpler to set up, but will only work for projects with generic build steps that can be guessed by the heuristics of the autobuild scripts. If `autobuild` fails, then you must switch to `manual` or `none`. If `autobuild` succeeds, then the results and run time will be the same as `manual` mode.
-- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by C/C++, Swift, Go, or Kotlin.
+- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by Swift, Go, or Kotlin. It is in public preview for C/C++.
 
 
 ## Supported versions of the CodeQL Action
@@ -70,10 +70,11 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 
 | Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
 |-----------------------|-------------------------------|--------------------|-------|
-| `v3.26.6`  | `2.18.4` | Enterprise Server 3.15 | |
-| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
-| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
-| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
+| `v3.28.12`  | `2.20.7` | Enterprise Server 3.17 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.16 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.15 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.13 | |
 
 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
 

actions-extractor/codeql-extractor.yml

@@ -1,44 +0,0 @@
-name: "actions"
-aliases: []
-display_name: "GitHub Actions"
-version: 0.0.1
-column_kind: "utf16"
-unicode_newlines: true
-build_modes:
-  - none
-file_coverage_languages: []
-github_api_languages: []
-scc_languages: []
-file_types:
-  - name: workflow
-    display_name: GitHub Actions workflow files
-    extensions:
-      - .yml
-      - .yaml
-forwarded_extractor_name: javascript
-options:
-  trap:
-    title: TRAP options
-    description: Options about how the extractor handles TRAP files
-    type: object
-    visibility: 3
-    properties:
-      cache:
-        title: TRAP cache options
-        description: Options about how the extractor handles its TRAP cache
-        type: object
-        properties:
-          dir:
-            title: TRAP cache directory
-            description: The directory of the TRAP cache to use
-            type: string
-          bound:
-            title: TRAP cache bound
-            description: A soft limit (in MB) on the size of the TRAP cache
-            type: string
-            pattern: "[0-9]+"
-          write:
-            title: TRAP cache writeable
-            description: Whether to write to the TRAP cache as well as reading it
-            type: string
-            pattern: "(true|TRUE|false|FALSE)"

actions-extractor/tools/autobuild-impl.ps1

@@ -1,40 +0,0 @@
-if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
-    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
-} else {
-    Write-Output 'No path filters set. Using the default filters.'
-    $DefaultPathFilters = @(
-        'exclude:**/*',
-        'include:.github/workflows/**/*.yml',
-        'include:.github/workflows/**/*.yaml',
-        'include:**/action.yml',
-        'include:**/action.yaml'
-    )
-
-    $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
-}
-
-# Find the JavaScript extractor directory via `codeql resolve extractor`.
-$CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
-if ($LASTEXITCODE -ne 0) {
-    throw 'Failed to resolve JavaScript extractor.'
-}
-
-Write-Output "Found JavaScript extractor at '${env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
-
-# Run the JavaScript autobuilder.
-$JavaScriptAutoBuild = Join-Path $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT 'tools\autobuild.cmd'
-Write-Output "Running JavaScript autobuilder at '${JavaScriptAutoBuild}'."
-
-# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_LOG_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE
-
-&$JavaScriptAutoBuild
-if ($LASTEXITCODE -ne 0) {
-    throw "JavaScript autobuilder failed."
-}

actions-extractor/tools/autobuild.cmd

@@ -1,3 +0,0 @@
-@echo off
-rem All of the work is done in the PowerShell script
-powershell.exe %~dp0autobuild-impl.ps1

actions-extractor/tools/autobuild.sh

@@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-DEFAULT_PATH_FILTERS=$(cat << END
-exclude:**/*
-include:.github/workflows/**/*.yml
-include:.github/workflows/**/*.yaml
-include:**/action.yml
-include:**/action.yaml
-END
-)
-
-if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
-    echo "Path filters set. Passing them through to the JavaScript extractor."
-else
-    echo "No path filters set. Using the default filters."
-    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
-    export LGTM_INDEX_FILTERS
-fi
-
-# Find the JavaScript extractor directory via `codeql resolve extractor`.
-CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
-export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT
-
-echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
-
-# Run the JavaScript autobuilder
-JAVASCRIPT_AUTO_BUILD="${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}/tools/autobuild.sh"
-echo "Running JavaScript autobuilder at '${JAVASCRIPT_AUTO_BUILD}'."
-
-# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
-env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR="${CODEQL_EXTRACTOR_ACTIONS_LOG_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR="${CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \
-    ${JAVASCRIPT_AUTO_BUILD}

init/action.yml

@@ -83,6 +83,9 @@ inputs:
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
+  quality-queries:
+    description: '[Internal] Comma-separated list of code quality queries to run.'
+    required: false
   packs:
     description: >-
       Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not

lib/analyze-action.js

@@ -50,6 +50,7 @@ const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
 const dependency_caching_1 = require("./dependency-caching");
+const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -193,7 +194,10 @@ async function run() {
         util.checkActionVersion(actionsUtil.getActionVersion(), gitHubVersion);
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
-        const diffRangePackDir = await (0, analyze_1.setupDiffInformedQueryRun)(codeql, logger, features);
+        const branches = await (0, diff_informed_analysis_utils_1.getDiffInformedAnalysisBranches)(codeql, features, logger);
+        const diffRangePackDir = branches
+            ? await (0, analyze_1.setupDiffInformedQueryRun)(branches, logger)
+            : undefined;
         await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
         await runAutobuildIfLegacyGoWorkflow(config, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);

lib/analyze.js

@@ -47,7 +47,6 @@ exports.runCleanup = runCleanup;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
-const github = __importStar(require("@actions/github"));
 const io = __importStar(require("@actions/io"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
@@ -57,15 +56,13 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const dependency_caching_1 = require("./dependency-caching");
 const diagnostics_1 = require("./diagnostics");
-const diff_filtering_utils_1 = require("./diff-filtering-utils");
+const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
-const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
@@ -99,8 +96,7 @@ async function runExtraction(codeql, config, logger) {
             if (language === languages_1.Language.python) {
                 await setupPythonExtractor(logger);
             }
-            if (config.buildMode &&
-                (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+            if (config.buildMode) {
                 if (language === languages_1.Language.cpp &&
                     config.buildMode === util_1.BuildMode.Autobuild) {
                     await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
@@ -160,47 +156,13 @@ async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag,
         trap_import_duration_ms: Math.round(trapImportTime),
     };
 }
-function getPullRequestBranches() {
-    const pullRequest = github.context.payload.pull_request;
-    if (pullRequest) {
-        return {
-            base: pullRequest.base.ref,
-            // We use the head label instead of the head ref here, because the head
-            // ref lacks owner information and by itself does not uniquely identify
-            // the head branch (which may be in a forked repository).
-            head: pullRequest.head.label,
-        };
-    }
-    // PR analysis under Default Setup does not have the pull_request context,
-    // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
-    const codeScanningRef = process.env.CODE_SCANNING_REF;
-    const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
-    if (codeScanningRef && codeScanningBaseBranch) {
-        return {
-            base: codeScanningBaseBranch,
-            // PR analysis under Default Setup analyzes the PR head commit instead of
-            // the merge commit, so we can use the provided ref directly.
-            head: codeScanningRef,
-        };
-    }
-    return undefined;
-}
 /**
  * Set up the diff-informed analysis feature.
  *
  * @returns Absolute path to the directory containing the extension pack for
  * the diff range information, or `undefined` if the feature is disabled.
  */
-async function setupDiffInformedQueryRun(codeql, logger, features) {
-    if (!(await features.getValue(feature_flags_1.Feature.DiffInformedQueries, codeql))) {
-        return undefined;
-    }
-    const branches = getPullRequestBranches();
-    if (!branches) {
-        logger.info("Not performing diff-informed analysis " +
-            "because we are not analyzing a pull request.");
-        return undefined;
-    }
+async function setupDiffInformedQueryRun(branches, logger) {
     return await (0, logging_1.withGroupAsync)("Generating diff range extension pack", async () => {
         logger.info(`Calculating diff ranges for ${branches.base}...${branches.head}`);
         const diffRanges = await getPullRequestEditedDiffRanges(branches, logger);
@@ -378,7 +340,12 @@ function writeDiffRangeDataExtensionPack(logger, ranges) {
         ranges = [{ path: "", startLine: 0, endLine: 0 }];
     }
     const diffRangeDir = path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range");
-    fs.mkdirSync(diffRangeDir);
+    // We expect the Actions temporary directory to already exist, so are mainly
+    // using `recursive: true` to avoid errors if the directory already exists,
+    // for example if the analyze Action is run multiple times in the same job.
+    // This is not really something that is supported, but we make use of it in
+    // tests.
+    fs.mkdirSync(diffRangeDir, { recursive: true });
     fs.writeFileSync(path.join(diffRangeDir, "qlpack.yml"), `
 name: codeql-action/pr-diff-range
 version: 0.0.0
@@ -393,6 +360,7 @@ extensions:
   - addsTo:
       pack: codeql/util
       extensible: restrictAlertsTo
+      checkPresence: false
     data:
 `;
     let data = ranges
@@ -414,7 +382,7 @@ extensions:
     logger.debug(`Wrote pr-diff-range extension pack to ${extensionFilePath}:\n${extensionContents}`);
     // Write the diff ranges to a JSON file, for action-side alert filtering by the
     // upload-lib module.
-    (0, diff_filtering_utils_1.writeDiffRangesJsonFile)(logger, ranges);
+    (0, diff_informed_analysis_utils_1.writeDiffRangesJsonFile)(logger, ranges);
     return diffRangeDir;
 }
 // Runs queries and creates sarif files in the given folder
@@ -458,7 +426,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             logger.endGroup();
             logger.info(analysisSummary);
             if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
-                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile);
                 const perQueryAlertCountEventReport = {
                     event: "codeql database interpret-results",
                     started_at: startTimeInterpretResults.toISOString(),
@@ -486,8 +454,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", sarifRunPropertyFlag, automationDetailsId, config, features);
     }
     /** Get an object with all queries and their counts parsed from a SARIF file path. */
-    function getPerQueryAlertCounts(sarifPath, log) {
-        (0, upload_lib_1.validateSarifFileSchema)(sarifPath, log);
+    function getPerQueryAlertCounts(sarifPath) {
         const sarifObject = JSON.parse(fs.readFileSync(sarifPath, "utf8"));
         // We do not need to compute fingerprints because we are not sending data based off of locations.
         // Generate the query: alert count object

lib/api-client.js

@@ -206,9 +206,14 @@ function wrapApiConfigurationError(e) {
     if ((0, util_1.isHTTPError)(e)) {
         if (e.message.includes("API rate limit exceeded for installation") ||
             e.message.includes("commit not found") ||
+            e.message.includes("Resource not accessible by integration") ||
             /ref .* not found in this repository/.test(e.message)) {
             return new util_1.ConfigurationError(e.message);
         }
+        else if (e.message.includes("Bad credentials") ||
+            e.message.includes("Not Found")) {
+            return new util_1.ConfigurationError("Please check that your token is valid and has the required permissions: contents: read, security-events: write");
+        }
     }
     return e;
 }

lib/api-client.test.js

@@ -145,5 +145,15 @@ function mockGetMetaVersionHeader(versionHeader) {
     const apiRateLimitError = new util.HTTPError("API rate limit exceeded for installation", 403);
     res = api.wrapApiConfigurationError(apiRateLimitError);
     t.deepEqual(res, new util.ConfigurationError("API rate limit exceeded for installation"));
+    const tokenSuggestionMessage = "Please check that your token is valid and has the required permissions: contents: read, security-events: write";
+    const badCredentialsError = new util.HTTPError("Bad credentials", 401);
+    res = api.wrapApiConfigurationError(badCredentialsError);
+    t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
+    const notFoundError = new util.HTTPError("Not Found", 404);
+    res = api.wrapApiConfigurationError(notFoundError);
+    t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
+    const resourceNotAccessibleError = new util.HTTPError("Resource not accessible by integration", 403);
+    res = api.wrapApiConfigurationError(resourceNotAccessibleError);
+    t.deepEqual(res, new util.ConfigurationError("Resource not accessible by integration"));
 });
 //# sourceMappingURL=api-client.test.js.map

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.17", "minimumVersion": "3.12" }
+{ "maximumVersion": "3.18", "minimumVersion": "3.13" }

lib/autobuild.js

@@ -45,11 +45,9 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function determineAutobuildLanguages(codeql, config, logger) {
-    if ((config.buildMode === util_1.BuildMode.None &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
+async function determineAutobuildLanguages(_codeql, config, logger) {
+    if (config.buildMode === util_1.BuildMode.None ||
         config.buildMode === util_1.BuildMode.Manual) {
         logger.info(`Using build mode "${config.buildMode}", nothing to autobuild. ` +
             `See ${doc_url_1.DocUrl.CODEQL_BUILD_MODES} for more information.`);
@@ -150,8 +148,7 @@ async function runAutobuild(config, language, logger) {
     if (language === languages_1.Language.cpp) {
         await setupCppAutobuild(codeQL, logger);
     }
-    if (config.buildMode &&
-        (await codeQL.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode) {
         await codeQL.extractUsingBuildMode(config, language);
     }
     else {

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,kEAkGC;AAED,8CAmCC;AAED,oCAsBC;AA9KD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,qDAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAiGC;AAED,8CAmCC;AAED,oCAmBC;AAzKD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAA0B,EAC1B,MAAc;IAEd,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QACnC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}

lib/codeql.js

@@ -54,7 +54,6 @@ const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const git_utils_1 = require("./git-utils");
-const languages_1 = require("./languages");
 const overlay_database_utils_1 = require("./overlay-database-utils");
 const setupCodeql = __importStar(require("./setup-codeql"));
 const tools_features_1 = require("./tools-features");
@@ -74,19 +73,19 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.15.5";
+const CODEQL_MINIMUM_VERSION = "2.16.6";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.16.6";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.12";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2025-04-03";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -262,27 +261,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                 extraArgs.push(`--trace-process-name=${processName}`);
             }
-            if (config.languages.indexOf(languages_1.Language.actions) >= 0) {
-                // We originally added an embedded version of the Actions extractor to the CodeQL Action
-                // itself in order to deploy the extractor between CodeQL releases. When we did add the
-                // extractor to the CLI, though, its autobuild script was missing the execute bit.
-                // 2.20.6 is the first CLI release with the fully-functional extractor in the CLI. For older
-                // versions, we'll keep using the embedded extractor. We can remove the embedded extractor
-                // once 2.20.6 is deployed in the runner images.
-                if (!(await util.codeQlVersionAtLeast(codeql, "2.20.6"))) {
-                    extraArgs.push("--search-path");
-                    const extractorPath = path.resolve(__dirname, "../actions-extractor");
-                    extraArgs.push(extractorPath);
-                }
-            }
             const codeScanningConfigFile = await generateCodeScanningConfig(config, logger);
             const externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
             extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
             if (externalRepositoryToken) {
                 extraArgs.push("--external-repository-token-stdin");
             }
-            if (config.buildMode !== undefined &&
-                (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
+            if (config.buildMode !== undefined) {
                 extraArgs.push(`--build-mode=${config.buildMode}`);
             }
             if (qlconfigFile !== undefined) {
@@ -774,12 +759,14 @@ async function generateCodeScanningConfig(config, logger) {
     // make a copy so we can modify it
     const augmentedConfig = (0, util_1.cloneObject)(config.originalUserInput);
     // Inject the queries from the input
-    if (config.augmentationProperties.queriesInput) {
+    if (config.augmentationProperties.queriesInput ||
+        config.augmentationProperties.qualityQueriesInput) {
+        const queryInputs = (config.augmentationProperties.queriesInput || []).concat(config.augmentationProperties.qualityQueriesInput || []);
         if (config.augmentationProperties.queriesInputCombines) {
-            augmentedConfig.queries = (augmentedConfig.queries || []).concat(config.augmentationProperties.queriesInput);
+            augmentedConfig.queries = (augmentedConfig.queries || []).concat(queryInputs);
         }
         else {
-            augmentedConfig.queries = config.augmentationProperties.queriesInput;
+            augmentedConfig.queries = queryInputs;
         }
     }
     if (augmentedConfig.queries?.length === 0) {
@@ -809,6 +796,17 @@ async function generateCodeScanningConfig(config, logger) {
     if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
         delete augmentedConfig.packs;
     }
+    augmentedConfig["query-filters"] = [
+        // Ordering matters. If the first filter is an inclusion, it implicitly
+        // excludes all queries that are not included. If it is an exclusion,
+        // it implicitly includes all queries that are not excluded. So user
+        // filters (if any) should always be first to preserve intent.
+        ...(augmentedConfig["query-filters"] || []),
+        ...(config.augmentationProperties.extraQueryExclusions || []),
+    ];
+    if (augmentedConfig["query-filters"]?.length === 0) {
+        delete augmentedConfig["query-filters"];
+    }
     logger.info(`Writing augmented user configuration file to ${codeScanningConfigFile}`);
     logger.startGroup("Augmented user configuration file contents");
     logger.info(yaml.dump(augmentedConfig));

lib/codeql.test.js

@@ -49,6 +49,7 @@ const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
+const config_utils_1 = require("./config-utils");
 const defaults = __importStar(require("./defaults.json"));
 const doc_url_1 = require("./doc-url");
 const languages_1 = require("./languages");
@@ -350,18 +351,16 @@ const injectedConfigMacro = ava_1.default.macro({
     title: (providedTitle = "") => `databaseInitCluster() injected config: ${providedTitle}`,
 });
 (0, ava_1.default)("basic", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
 }, {}, {});
 (0, ava_1.default)("injected packs from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
 }, {}, {
     packs: ["xxx", "yyy"],
 });
 (0, ava_1.default)("injected packs from input with existing packs combines", injectedConfigMacro, {
-    queriesInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["xxx", "yyy"],
 }, {
@@ -376,8 +375,7 @@ const injectedConfigMacro = ava_1.default.macro({
     },
 });
 (0, ava_1.default)("injected packs from input with existing packs overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
 }, {
     originalUserInput: {
@@ -390,8 +388,7 @@ const injectedConfigMacro = ava_1.default.macro({
 });
 // similar, but with queries
 (0, ava_1.default)("injected queries from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {}, {
     queries: [
@@ -404,8 +401,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
     originalUserInput: {
@@ -422,8 +418,8 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input combines", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
-    packsInputCombines: false,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
     originalUserInput: {
@@ -443,6 +439,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input combines 2", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -457,6 +454,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries and packs, but empty", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [],

lib/config-utils.js

@@ -64,6 +64,7 @@ const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
 const caching_utils_1 = require("./caching-utils");
+const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const trap_caching_1 = require("./trap-caching");
@@ -79,6 +80,8 @@ exports.defaultAugmentationProperties = {
     packsInputCombines: false,
     packsInput: undefined,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
+    extraQueryExclusions: [],
 };
 function getPacksStrInvalid(packStr, configFile) {
     return configFile
@@ -224,10 +227,10 @@ async function getRawLanguages(languagesInput, repository, logger) {
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
+async function getDefaultConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = calculateAugmentation(packsInput, queriesInput, languages);
+    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, qualityQueriesInput, languages, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -259,7 +262,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
  * Load the config from the given file.
  */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
+async function loadConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
     let parsedYAML;
     if (isLocal(configFile)) {
         if (configFile !== userConfigFromActionPath(tempDir)) {
@@ -277,7 +280,7 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
     }
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = calculateAugmentation(packsInput, queriesInput, languages);
+    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, qualityQueriesInput, languages, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -303,11 +306,14 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
  * and the CLI does not know about these inputs so we need to inject them into
  * the config file sent to the CLI.
  *
+ * @param codeql The CodeQL object.
+ * @param features The feature enablement object.
  * @param rawPacksInput The packs input from the action configuration.
  * @param rawQueriesInput The queries input from the action configuration.
  * @param languages The languages that the config file is for. If the packs input
  *    is non-empty, then there must be exactly one language. Otherwise, an
  *    error is thrown.
+ * @param logger The logger to use for logging.
  *
  * @returns The properties that need to be augmented in the config file.
  *
@@ -315,16 +321,25 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
  *     not have exactly one language.
  */
 // exported for testing.
-function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) {
+async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, logger) {
     const packsInputCombines = shouldCombine(rawPacksInput);
     const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
     const queriesInputCombines = shouldCombine(rawQueriesInput);
     const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
+    const qualityQueriesInput = parseQueriesFromInput(rawQualityQueriesInput, false);
+    const extraQueryExclusions = [];
+    if (await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(codeql, features, logger)) {
+        extraQueryExclusions.push({
+            exclude: { tags: "exclude-from-incremental" },
+        });
+    }
     return {
         packsInputCombines,
         packsInput: packsInput?.[languages[0]],
         queriesInput,
         queriesInputCombines,
+        qualityQueriesInput,
+        extraQueryExclusions,
     };
 }
 function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {

lib/config-utils.test.js

@@ -58,6 +58,7 @@ function createTestInitConfigInputs(overrides) {
     return Object.assign({}, {
         languagesInput: undefined,
         queriesInput: undefined,
+        qualityQueriesInput: undefined,
         packsInput: undefined,
         configFile: undefined,
         dbLocation: undefined,
@@ -623,53 +624,63 @@ const packSpecPrettyPrintingMacro = ava_1.default.macro({
 });
 const mockLogger = (0, logging_1.getRunnerLogger)(true);
 const calculateAugmentationMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
-        const actualAugmentationProperties = configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedAugmentationProperties) => {
+        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, mockLogger);
         t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
     },
     title: (_, title) => `Calculate Augmentation: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
-    packsInput: undefined,
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
-    queriesInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     queriesInputCombines: true,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With quality queries", undefined, undefined, " a, b , c, d", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    qualityQueriesInput: [
+        { uses: "a" },
+        { uses: "b" },
+        { uses: "c" },
+        { uses: "d" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With security and quality queries", undefined, " a, b , c, d", "e, f , g,h", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+        { uses: "e" },
+        { uses: "f" },
+        { uses: "g" },
+        { uses: "h" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
 });
 const calculateAugmentationErrorMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
-        t.throws(() => configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages), { message: expectedError });
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedError) => {
+        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, mockLogger), { message: expectedError });
     },
     title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
 (0, ava_1.default)("no generateRegistries when registries is undefined", async (t) => {
     return await (0, util_1.withTmpDir)(async (tmpDir) => {
         const registriesInput = undefined;

lib/debug-artifacts.js

@@ -46,7 +46,7 @@ const path = __importStar(require("path"));
 const artifact = __importStar(require("@actions/artifact"));
 const artifactLegacy = __importStar(require("@actions/artifact-legacy"));
 const core = __importStar(require("@actions/core"));
-const adm_zip_1 = __importDefault(require("adm-zip"));
+const archiver_1 = __importDefault(require("archiver"));
 const del_1 = __importDefault(require("del"));
 const actions_util_1 = require("./actions-util");
 const analyze_1 = require("./analyze");
@@ -56,7 +56,7 @@ const logging_1 = require("./logging");
 const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 function sanitizeArtifactName(name) {
-    return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
+    return name.replace(/[^a-zA-Z0-9_-]+/g, "");
 }
 /**
  * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
@@ -250,9 +250,20 @@ async function createPartialDatabaseBundle(config, language) {
     if (fs.existsSync(databaseBundlePath)) {
         await (0, del_1.default)(databaseBundlePath, { force: true });
     }
-    const zip = new adm_zip_1.default();
-    zip.addLocalFolder(databasePath);
-    zip.writeZip(databaseBundlePath);
+    const output = fs.createWriteStream(databaseBundlePath);
+    const zip = (0, archiver_1.default)("zip");
+    zip.on("error", (err) => {
+        throw err;
+    });
+    zip.on("warning", (err) => {
+        // Ignore ENOENT warnings. There's nothing anyone can do about it.
+        if (err.code !== "ENOENT") {
+            throw err;
+        }
+    });
+    zip.pipe(output);
+    zip.directory(databasePath, false);
+    await zip.finalize();
     return databaseBundlePath;
 }
 /**

lib/debug-artifacts.test.js

@@ -45,6 +45,7 @@ const util_1 = require("./util");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello`world`"), "helloworld");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello===123"), "hello123");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("*m)a&n^y%i££n+v!a:l[i]d"), "manyinvalid");
+    t.deepEqual(debugArtifacts.sanitizeArtifactName("\\foo\\bar//baz"), "foobarbaz");
 });
 // These next tests check the correctness of the logic to determine whether or not
 // artifacts are uploaded in debug mode. Since it's not easy to mock the actual

lib/debug-artifacts.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,EACtD,WAAW,CACZ,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.20.7",
-    "cliVersion": "2.20.7",
-    "priorBundleVersion": "codeql-bundle-v2.20.6",
-    "priorCliVersion": "2.20.6"
+    "bundleVersion": "codeql-bundle-v2.22.0",
+    "cliVersion": "2.22.0",
+    "priorBundleVersion": "codeql-bundle-v2.21.4",
+    "priorCliVersion": "2.21.4"
 }

lib/dependency-caching.js

@@ -57,42 +57,44 @@ function getJavaTempDependencyDir() {
 /**
  * Default caching configurations per language.
  */
-const CODEQL_DEFAULT_CACHE_CONFIG = {
-    java: {
-        paths: [
-            // Maven
-            (0, path_1.join)(os.homedir(), ".m2", "repository"),
-            // Gradle
-            (0, path_1.join)(os.homedir(), ".gradle", "caches"),
-            // CodeQL Java build-mode: none
-            getJavaTempDependencyDir(),
-        ],
-        hash: [
-            // Maven
-            "**/pom.xml",
-            // Gradle
-            "**/*.gradle*",
-            "**/gradle-wrapper.properties",
-            "buildSrc/**/Versions.kt",
-            "buildSrc/**/Dependencies.kt",
-            "gradle/*.versions.toml",
-            "**/versions.properties",
-        ],
-    },
-    csharp: {
-        paths: [(0, path_1.join)(os.homedir(), ".nuget", "packages")],
-        hash: [
-            // NuGet
-            "**/packages.lock.json",
-            // Paket
-            "**/paket.lock",
-        ],
-    },
-    go: {
-        paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
-        hash: ["**/go.sum"],
-    },
-};
+function getDefaultCacheConfig() {
+    return {
+        java: {
+            paths: [
+                // Maven
+                (0, path_1.join)(os.homedir(), ".m2", "repository"),
+                // Gradle
+                (0, path_1.join)(os.homedir(), ".gradle", "caches"),
+                // CodeQL Java build-mode: none
+                getJavaTempDependencyDir(),
+            ],
+            hash: [
+                // Maven
+                "**/pom.xml",
+                // Gradle
+                "**/*.gradle*",
+                "**/gradle-wrapper.properties",
+                "buildSrc/**/Versions.kt",
+                "buildSrc/**/Dependencies.kt",
+                "gradle/*.versions.toml",
+                "**/versions.properties",
+            ],
+        },
+        csharp: {
+            paths: [(0, path_1.join)(os.homedir(), ".nuget", "packages")],
+            hash: [
+                // NuGet
+                "**/packages.lock.json",
+                // Paket
+                "**/paket.lock",
+            ],
+        },
+        go: {
+            paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
+            hash: ["**/go.sum"],
+        },
+    };
+}
 async function makeGlobber(patterns) {
     return glob.create(patterns.join("\n"));
 }
@@ -106,7 +108,7 @@ async function makeGlobber(patterns) {
 async function downloadDependencyCaches(languages, logger) {
     const restoredCaches = [];
     for (const language of languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
         if (cacheConfig === undefined) {
             logger.info(`Skipping download of dependency cache for ${language} as we have no caching configuration for it.`);
             continue;
@@ -140,7 +142,7 @@ async function downloadDependencyCaches(languages, logger) {
  */
 async function uploadDependencyCaches(config, logger) {
     for (const language of config.languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
         if (cacheConfig === undefined) {
             logger.info(`Skipping upload of dependency cache for ${language} as we have no caching configuration for it.`);
             continue;

lib/dependency-caching.js.map

@@ -1 +1 @@
-{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAqDD,4DAmDC;AAQD,wDAiEC;AAvND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,2BAA2B,GAAwC;IACvE,IAAI,EAAE;QACJ,KAAK,EAAE;YACL,QAAQ;YACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;YACvC,SAAS;YACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;YACvC,+BAA+B;YAC/B,wBAAwB,EAAE;SAC3B;QACD,IAAI,EAAE;YACJ,QAAQ;YACR,YAAY;YACZ,SAAS;YACT,cAAc;YACd,8BAA8B;YAC9B,yBAAyB;YACzB,6BAA6B;YAC7B,wBAAwB;YACxB,wBAAwB;SACzB;KACF;IACD,MAAM,EAAE;QACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,EAAE;YACJ,QAAQ;YACR,uBAAuB;YACvB,QAAQ;YACR,eAAe;SAChB;KACF;IACD,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;KACpB;CACF,CAAC;AAEF,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}
+{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAuDD,4DAmDC;AAQD,wDAiEC;AAzND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB;IAC5B,OAAO;QACL,IAAI,EAAE;YACJ,KAAK,EAAE;gBACL,QAAQ;gBACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;gBACvC,SAAS;gBACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;gBACvC,+BAA+B;gBAC/B,wBAAwB,EAAE;aAC3B;YACD,IAAI,EAAE;gBACJ,QAAQ;gBACR,YAAY;gBACZ,SAAS;gBACT,cAAc;gBACd,8BAA8B;gBAC9B,yBAAyB;gBACzB,6BAA6B;gBAC7B,wBAAwB;gBACxB,wBAAwB;aACzB;SACF;QACD,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;YACjD,IAAI,EAAE;gBACJ,QAAQ;gBACR,uBAAuB;gBACvB,QAAQ;gBACR,eAAe;aAChB;SACF;QACD,EAAE,EAAE;YACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;SACpB;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}

lib/diff-filtering-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"diff-filtering-utils.js","sourceRoot":"","sources":["../src/diff-filtering-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgBA,0DAUC;AAED,wDAaC;AAzCD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAS9C,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}

lib/diff-informed-analysis-utils.js

@@ -0,0 +1,114 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.shouldPerformDiffInformedAnalysis = shouldPerformDiffInformedAnalysis;
+exports.getDiffInformedAnalysisBranches = getDiffInformedAnalysisBranches;
+exports.writeDiffRangesJsonFile = writeDiffRangesJsonFile;
+exports.readDiffRangesJsonFile = readDiffRangesJsonFile;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const github = __importStar(require("@actions/github"));
+const actionsUtil = __importStar(require("./actions-util"));
+const feature_flags_1 = require("./feature-flags");
+function getPullRequestBranches() {
+    const pullRequest = github.context.payload.pull_request;
+    if (pullRequest) {
+        return {
+            base: pullRequest.base.ref,
+            // We use the head label instead of the head ref here, because the head
+            // ref lacks owner information and by itself does not uniquely identify
+            // the head branch (which may be in a forked repository).
+            head: pullRequest.head.label,
+        };
+    }
+    // PR analysis under Default Setup does not have the pull_request context,
+    // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
+    const codeScanningRef = process.env.CODE_SCANNING_REF;
+    const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
+    if (codeScanningRef && codeScanningBaseBranch) {
+        return {
+            base: codeScanningBaseBranch,
+            // PR analysis under Default Setup analyzes the PR head commit instead of
+            // the merge commit, so we can use the provided ref directly.
+            head: codeScanningRef,
+        };
+    }
+    return undefined;
+}
+/**
+ * Check if the action should perform diff-informed analysis.
+ */
+async function shouldPerformDiffInformedAnalysis(codeql, features, logger) {
+    return ((await getDiffInformedAnalysisBranches(codeql, features, logger)) !==
+        undefined);
+}
+/**
+ * Get the branches to use for diff-informed analysis.
+ *
+ * @returns If the action should perform diff-informed analysis, return
+ * the base and head branches that should be used to compute the diff ranges.
+ * Otherwise return `undefined`.
+ */
+async function getDiffInformedAnalysisBranches(codeql, features, logger) {
+    if (!(await features.getValue(feature_flags_1.Feature.DiffInformedQueries, codeql))) {
+        return undefined;
+    }
+    const branches = getPullRequestBranches();
+    if (!branches) {
+        logger.info("Not performing diff-informed analysis " +
+            "because we are not analyzing a pull request.");
+    }
+    return branches;
+}
+function getDiffRangesJsonFilePath() {
+    return path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range.json");
+}
+function writeDiffRangesJsonFile(logger, ranges) {
+    const jsonContents = JSON.stringify(ranges, null, 2);
+    const jsonFilePath = getDiffRangesJsonFilePath();
+    fs.writeFileSync(jsonFilePath, jsonContents);
+    logger.debug(`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`);
+}
+function readDiffRangesJsonFile(logger) {
+    const jsonFilePath = getDiffRangesJsonFilePath();
+    if (!fs.existsSync(jsonFilePath)) {
+        logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
+        return undefined;
+    }
+    const jsonContents = fs.readFileSync(jsonFilePath, "utf8");
+    logger.debug(`Read pr-diff-range JSON file from ${jsonFilePath}:\n${jsonContents}`);
+    return JSON.parse(jsonContents);
+}
+//# sourceMappingURL=diff-informed-analysis-utils.js.map

lib/diff-informed-analysis-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diff-informed-analysis-utils.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,8EASC;AASD,0EAiBC;AAYD,0DAUC;AAED,wDAaC;AArHD,uCAAyB;AACzB,2CAA6B;AAE7B,wDAA0C;AAE1C,4DAA8C;AAE9C,mDAA6D;AAQ7D,SAAS,sBAAsB;IAC7B,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;IACxD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG;YAC1B,uEAAuE;YACvE,uEAAuE;YACvE,yDAAyD;YACzD,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACtD,MAAM,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACrE,IAAI,eAAe,IAAI,sBAAsB,EAAE,CAAC;QAC9C,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,yEAAyE;YACzE,6DAA6D;YAC7D,IAAI,EAAE,eAAe;SACtB,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,OAAO,CACL,CAAC,MAAM,+BAA+B,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,+BAA+B,CACnD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,sBAAsB,EAAE,CAAC;IAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CACT,wCAAwC;YACtC,8CAA8C,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAQD,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}

lib/feature-flags.js

@@ -96,8 +96,7 @@ exports.featureConfig = {
     [Feature.DiffInformedQueries]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES",
-        minimumVersion: undefined,
-        toolsFeature: tools_features_1.ToolsFeature.DatabaseInterpretResultsSupportsSarifRunProperty,
+        minimumVersion: "2.21.0",
     },
     [Feature.DisableCsharpBuildless]: {
         defaultValue: false,

lib/init-action-post.js

@@ -87,7 +87,9 @@ async function runWrapper() {
             ...uploadFailedSarifResult,
             job_status: initActionPostHelper.getFinalJobStatus(),
         };
+        logger.info("Sending status report for init-post step.");
         await (0, status_report_1.sendStatusReport)(statusReport);
+        logger.info("Status report sent for init-post step.");
     }
 }
 void runWrapper();

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAgD;AAChD,mDAOyB;AACzB,iCAA8E;AAO9E,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAgD;AAChD,mDAOyB;AACzB,iCAA8E;AAO9E,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/init-action.js

@@ -192,6 +192,7 @@ async function run() {
         config = await (0, init_1.initConfig)({
             languagesInput: (0, actions_util_1.getOptionalInput)("languages"),
             queriesInput: (0, actions_util_1.getOptionalInput)("queries"),
+            qualityQueriesInput: (0, actions_util_1.getOptionalInput)("quality-queries"),
             packsInput: (0, actions_util_1.getOptionalInput)("packs"),
             buildModeInput: (0, actions_util_1.getOptionalInput)("build-mode"),
             configFile,
@@ -204,10 +205,8 @@ async function run() {
             // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
             //   or by setting the `ACTIONS_STEP_DEBUG` secret to `true`).
             debugMode: (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(),
-            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") ||
-                util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") ||
-                util_1.DEFAULT_DEBUG_DATABASE_NAME,
+            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
+            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME,
             repository: repositoryNwo,
             tempDir: (0, actions_util_1.getTemporaryDirectory)(),
             codeql,
@@ -216,7 +215,7 @@ async function run() {
             apiDetails,
             features,
             logger,
-        }, codeql);
+        });
         await (0, init_1.checkInstallPython311)(config.languages, codeql);
     }
     catch (unwrappedError) {
@@ -319,7 +318,8 @@ async function run() {
         // for details.
         core.exportVariable("CODEQL_RAM", process.env["CODEQL_RAM"] ||
             (0, util_1.getMemoryFlagValue)((0, actions_util_1.getOptionalInput)("ram"), logger).toString());
-        core.exportVariable("CODEQL_THREADS", (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
+        core.exportVariable("CODEQL_THREADS", process.env["CODEQL_THREADS"] ||
+            (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
         // Disable Kotlin extractor if feature flag set
         if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
             core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
@@ -352,8 +352,9 @@ async function run() {
             logger.info(`Setting C++ build-mode: none to ${value}`);
             core.exportVariable(bmnVar, value);
         }
-        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
-        if (config.languages.includes(languages_1.Language.rust)) {
+        // For rust: set CODEQL_ENABLE_EXPERIMENTAL_FEATURES, unless codeql already supports rust without it
+        if (config.languages.includes(languages_1.Language.rust) &&
+            !(await codeql.resolveLanguages()).rust) {
             const feat = feature_flags_1.Feature.RustAnalysis;
             const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
             const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
@@ -376,25 +377,12 @@ async function run() {
         if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
             await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
         }
-        // For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
-        // System Integrity Protection (SIP) disabled.
-        if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
-            process.platform === "darwin" &&
-            (process.arch === "arm" || process.arch === "arm64") &&
-            !(await (0, util_1.checkSipEnablement)(logger))) {
-            logger.warning("CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.");
-        }
-        // From 2.16.0 the default for the python extractor is to not perform any
-        // dependency extraction. For versions before that, you needed to set this flag to
-        // enable this behavior.
+        // Suppress warnings about disabled Python library extraction.
         if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.17.1")) {
             // disabled by default, no warning
         }
-        else if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.16.0")) {
-            // disabled by default, prints warning if environment variable is not set
-            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
-        }
         else {
+            // disabled by default, prints warning if environment variable is not set
             core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
         }
         if ((0, actions_util_1.getOptionalInput)("setup-python-dependencies") !== undefined) {

lib/init.js

@@ -37,7 +37,6 @@ exports.initCodeQL = initCodeQL;
 exports.initConfig = initConfig;
 exports.getOverlayDatabaseMode = getOverlayDatabaseMode;
 exports.runInit = runInit;
-exports.printPathFiltersWarning = printPathFiltersWarning;
 exports.checkInstallPython311 = checkInstallPython311;
 exports.cleanupDatabaseClusterDirectory = cleanupDatabaseClusterDirectory;
 const fs = __importStar(require("fs"));
@@ -50,8 +49,8 @@ const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const git_utils_1 = require("./git-utils");
 const languages_1 = require("./languages");
+const logging_1 = require("./logging");
 const overlay_database_utils_1 = require("./overlay-database-utils");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
@@ -67,15 +66,10 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
         zstdAvailability,
     };
 }
-async function initConfig(inputs, codeql) {
-    const logger = inputs.logger;
-    logger.startGroup("Load language configuration");
-    const config = await configUtils.initConfig(inputs);
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.InformsAboutUnsupportedPathFilters))) {
-        printPathFiltersWarning(config, logger);
-    }
-    logger.endGroup();
-    return config;
+async function initConfig(inputs) {
+    return await (0, logging_1.withGroupAsync)("Load language configuration", async () => {
+        return await configUtils.initConfig(inputs);
+    });
 }
 async function getOverlayDatabaseMode(codeqlVersion, config, sourceRoot, logger) {
     const overlayDatabaseMode = process.env.CODEQL_OVERLAY_DATABASE_MODE;
@@ -114,15 +108,6 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
     async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, overlayDatabaseMode, logger));
     return await (0, tracer_config_1.getCombinedTracerConfig)(codeql, config);
 }
-function printPathFiltersWarning(config, logger) {
-    // Index include/exclude/filters only work in javascript/python/ruby.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.originalUserInput.paths?.length ||
-        config.originalUserInput["paths-ignore"]?.length) &&
-        !config.languages.every(languages_1.isScannedLanguage)) {
-        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
-    }
-}
 /**
  * If we are running python 3.12+ on windows, we need to switch to python 3.11.
  * This check happens in a powershell script.

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,gCAyCC;AAED,gCAgBC;AAED,wDAuCC;AAED,0BAoCC;AAED,0DAeC;AAMD,sDAkBC;AAED,0EAkDC;AAjQD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,+CAAiC;AAEjC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAyC;AACzC,2CAA0D;AAE1D,qEAGkC;AAIlC,qDAAgD;AAChD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACpD,IACE,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAC5B,6BAAY,CAAC,kCAAkC,CAChD,CAAC,EACF,CAAC;QACD,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,aAAqB,EACrB,MAA0B,EAC1B,UAAkB,EAClB,MAAc;IAEd,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAErE,IACE,mBAAmB,KAAK,4CAAmB,CAAC,OAAO;QACnD,mBAAmB,KAAK,4CAAmB,CAAC,WAAW,EACvD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,yBAAyB,MAAM,CAAC,SAAS,uBAAuB;gBAChE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,aAAa,EAAE,uDAA8B,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,gCAAgC,uDAA8B,IAAI;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,MAAM,IAAA,sBAAU,EAAC,UAAU,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,oBAAoB,UAAU,oCAAoC;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,OAAO,mBAA0C,CAAC;IACpD,CAAC;IACD,OAAO,4CAAmB,CAAC,IAAI,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,mBAAwC,EACxC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM;QACrC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;QACnD,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,6BAAiB,CAAC,EAC1C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,gCAyCC;AAED,gCAMC;AAED,wDAuCC;AAED,0BAoCC;AAMD,sDAkBC;AAED,0EAkDC;AArOD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,+CAAiC;AAEjC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAyC;AACzC,2CAAuC;AACvC,uCAAmD;AACnD,qEAGkC;AAIlC,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC;IAEpC,OAAO,MAAM,IAAA,wBAAc,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,aAAqB,EACrB,MAA0B,EAC1B,UAAkB,EAClB,MAAc;IAEd,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAErE,IACE,mBAAmB,KAAK,4CAAmB,CAAC,OAAO;QACnD,mBAAmB,KAAK,4CAAmB,CAAC,WAAW,EACvD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,yBAAyB,MAAM,CAAC,SAAS,uBAAuB;gBAChE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,aAAa,EAAE,uDAA8B,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,gCAAgC,uDAA8B,IAAI;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,MAAM,IAAA,sBAAU,EAAC,UAAU,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,oBAAoB,UAAU,oCAAoC;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,OAAO,mBAA0C,CAAC;IACpD,CAAC;IACD,OAAO,4CAAmB,CAAC,IAAI,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,mBAAwC,EACxC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

lib/init.test.js

@@ -40,26 +40,9 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const init_1 = require("./init");
-const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are undefined", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: {},
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are empty", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: { paths: [], "paths-ignore": [] },
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
 (0, ava_1.default)("cleanupDatabaseClusterDirectory cleans up where possible", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         const dbLocation = path_1.default.resolve(tmpDir, "dbs");

lib/init.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAGvB,iCAGgB;AAChB,2CAAuC;AACvC,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,wFAAwF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE;KACO,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;KACxB,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAEvB,iCAAyD;AACzD,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

lib/start-proxy-action.js

@@ -43,8 +43,8 @@ const logging_1 = require("./logging");
 const start_proxy_1 = require("./start-proxy");
 const util = __importStar(require("./util"));
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727";
-const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
+const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 const CERT_SUBJECT = [

lib/start-proxy.js

@@ -1,6 +1,40 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCredentials = getCredentials;
+const core = __importStar(require("@actions/core"));
 const languages_1 = require("./languages");
 const util_1 = require("./util");
 const LANGUAGE_TO_REGISTRY_TYPE = {
@@ -10,10 +44,10 @@ const LANGUAGE_TO_REGISTRY_TYPE = {
     python: "python_index",
     ruby: "rubygems_server",
     rust: "cargo_registry",
+    go: "goproxy_server",
     // We do not have an established proxy type for these languages, thus leaving empty.
     actions: "",
     cpp: "",
-    go: "",
     swift: "",
 };
 // getCredentials returns registry credentials from action inputs.
@@ -49,6 +83,13 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
     }
     const out = [];
     for (const e of parsed) {
+        // Mask credentials to reduce chance of accidental leakage in logs.
+        if (e.password !== undefined) {
+            core.setSecret(e.password);
+        }
+        if (e.token !== undefined) {
+            core.setSecret(e.token);
+        }
         if (e.url === undefined && e.host === undefined) {
             // The proxy needs one of these to work. If both are defined, the url has the precedence.
             throw new util_1.ConfigurationError("Invalid credentials - must specify host or url");

lib/start-proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,EAAE,EAAE,EAAE;IACN,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,wCAmFC;AAnHD,oDAAsC;AAEtC,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,mEAAmE;QACnE,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

lib/status-report.js

@@ -35,6 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JobStatus = exports.ActionName = void 0;
 exports.isFirstPartyAnalysis = isFirstPartyAnalysis;
+exports.isThirdPartyAnalysis = isThirdPartyAnalysis;
 exports.getActionsStatus = getActionsStatus;
 exports.getJobStatusDisplayName = getJobStatusDisplayName;
 exports.createStatusReportBase = createStatusReportBase;
@@ -71,6 +72,12 @@ function isFirstPartyAnalysis(actionName) {
     }
     return process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true";
 }
+/**
+ * @returns true if the analysis is considered to be third party.
+ */
+function isThirdPartyAnalysis(actionName) {
+    return !isFirstPartyAnalysis(actionName);
+}
 /** Overall status of the entire job. String values match the Hydro schema. */
 var JobStatus;
 (function (JobStatus) {
@@ -142,10 +149,10 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
         const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
         const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
         const actionRef = process.env["GITHUB_ACTION_REF"] || "";
-        const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
+        const testingEnvironment = (0, util_1.getTestingEnvironment)();
         // re-export the testing environment variable so that it is available to subsequent steps,
         // even if it was only set for this step
-        if (testingEnvironment !== "") {
+        if (testingEnvironment) {
             core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
         }
         const isSteadyStateDefaultSetupRun = process.env["CODE_SCANNING_IS_STEADY_STATE_DEFAULT_SETUP"] === "true";
@@ -166,7 +173,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi
             started_at: workflowStartedAt,
             status,
             steady_state_default_setup: isSteadyStateDefaultSetupRun,
-            testing_environment: testingEnvironment,
+            testing_environment: testingEnvironment || "",
             workflow_name: workflowName,
             workflow_run_attempt: workflowRunAttempt,
             workflow_run_id: workflowRunID,

lib/status-report.test.js

@@ -113,7 +113,7 @@ function setupEnvironmentAndStub(tmpDir) {
     t.is((0, status_report_1.getActionsStatus)(new Error("arbitrary error")), "failure", "We categorise an arbitrary error as a failure");
     t.is((0, status_report_1.getActionsStatus)(new util_1.ConfigurationError("arbitrary error")), "user-error", "We categorise a ConfigurationError as a user error");
     t.is((0, status_report_1.getActionsStatus)(new Error("exit code 1"), "multiple things went wrong"), "failure", "getActionsStatus should return failure if passed an arbitrary error and an additional failure cause");
-    t.is((0, status_report_1.getActionsStatus)(new util_1.ConfigurationError("exit code 1"), "multiple things went wrong"), "user-error", "getActionsStatus should return failure if passed a configuration error and an additional failure cause");
+    t.is((0, status_report_1.getActionsStatus)(new util_1.ConfigurationError("exit code 1"), "multiple things went wrong"), "user-error", "getActionsStatus should return user-error if passed a configuration error and an additional failure cause");
     t.is((0, status_report_1.getActionsStatus)(), "success", "getActionsStatus should return success if no error is passed");
     t.is((0, status_report_1.getActionsStatus)(new Object()), "failure", "getActionsStatus should return failure if passed an arbitrary object");
     t.is((0, status_report_1.getActionsStatus)(null, "an error occurred"), "failure", "getActionsStatus should return failure if passed null and an additional failure cause");

lib/system-reqs.js

@@ -1,112 +0,0 @@
-"use strict";
-// Enforce system requirements for the CodeQL CLI.
-// https://codeql.github.com/docs/codeql-overview/system-requirements/
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.passesSystemRequirements = passesSystemRequirements;
-const macos_version_1 = require("macos-version");
-const util_1 = require("./util");
-const fs_1 = require("fs");
-const os_1 = __importDefault(require("os"));
-const platformMap = {
-    'darwin': 'macOS',
-    'linux': 'Linux',
-    'win32': 'Windows',
-};
-const platformRequirements = {
-    'macOS': {
-        'version': ['13.0.1', '14.0.1'],
-        'arch': ['arm64', 'x64'],
-    },
-    'Linux': {
-        // We only accept Ubuntu 20.04, 21.04, and 22.04
-        'version': ['20.04', '21.04', '22.04'],
-        'arch': ['x64'],
-    },
-    'Windows': {
-        'version': ['10', 'Server 2019', '11', 'Server 2022'],
-        'arch': ['x64'],
-    },
-};
-function passesSystemRequirements() {
-    // CodeQL System requirements are two-level: the CLI must run on a specific platform,
-    // and that platform must have certain capabilities.
-    const platform = getPlatform();
-    switch (platform) {
-        case 'macOS':
-            return checkMacOSPlatform();
-        case 'Linux':
-            return checkLinuxPlatform();
-        case 'Windows':
-            return checkWindowsPlatform();
-        default:
-            (0, util_1.assertNever)(platform);
-    }
-}
-// MacOS checks
-function checkMacOSPlatform() {
-    const macOSPlatformRequirements = platformRequirements['macOS'];
-    const passesSystemRequirements = checkMacOSVersion(macOSPlatformRequirements['version']) && checkMacOSArch(macOSPlatformRequirements['arch']);
-    return passesSystemRequirements;
-}
-function checkMacOSVersion(supportedVersions) {
-    return supportedVersions.some((version) => {
-        (0, macos_version_1.isMacOSVersionGreaterThanOrEqualTo)(version);
-    });
-}
-function checkMacOSArch(supportedArchs) {
-    const arch = getArch();
-    return supportedArchs.includes(arch);
-}
-// Linux checks
-function checkLinuxPlatform() {
-    const linuxPlatformRequirements = platformRequirements['Linux'];
-    return checkLinuxVersion(linuxPlatformRequirements['version']) && checkLinuxArch(linuxPlatformRequirements['arch']);
-}
-function checkLinuxVersion(supportedVersions) {
-    const data = (0, fs_1.readFileSync)('/etc/os-release', 'utf8');
-    const lines = data.split('\n');
-    const releaseDetails = {};
-    lines.forEach((line) => {
-        // Split the line into a key and value delimited by '='
-        const words = line.split('=');
-        if (words.length === 2) {
-            releaseDetails[words[0].trim().toLowerCase()] = words[1].trim();
-        }
-    });
-    return releaseDetails.name == 'Ubuntu' && supportedVersions.includes(releaseDetails.version_id);
-}
-function checkLinuxArch(supportedArchs) {
-    const arch = getArch();
-    return supportedArchs.includes(arch);
-}
-// Windows checks
-function checkWindowsPlatform() {
-    const windowsPlatformRequirements = platformRequirements['Windows'];
-    return checkWindowsVersion(windowsPlatformRequirements['version']) && checkWindowsArch(windowsPlatformRequirements['arch']);
-}
-function checkWindowsVersion(supportedVersions) {
-    // os.release() on windows returns a string like "Windows 11 Home"
-    const windowsVersion = os_1.default.release();
-    return supportedVersions.some(version => new RegExp(version, 'i').test(windowsVersion));
-}
-function checkWindowsArch(supportedArchs) {
-    const arch = getArch();
-    return supportedArchs.includes(arch);
-}
-;
-// Auxiliary functions
-function getPlatform() {
-    const platform = process.platform;
-    const mappedPlatform = platformMap[platform];
-    if (mappedPlatform === undefined) {
-        throw new util_1.ConfigurationError(`Unsupported platform: ${platform}`);
-    }
-    return mappedPlatform;
-}
-function getArch() {
-    return process.arch;
-}
-//# sourceMappingURL=system-reqs.js.map

lib/system-reqs.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"system-reqs.js","sourceRoot":"","sources":["../src/system-reqs.ts"],"names":[],"mappings":";AAAA,kDAAkD;AAClD,sEAAsE;;;;;AA6BtE,4DAgBC;AA3CD,iDAAmE;AACnE,iCAAyD;AACzD,2BAAkC;AAClC,4CAAoB;AAEpB,MAAM,WAAW,GAAG;IAChB,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,OAAO;IAChB,OAAO,EAAE,SAAS;CACrB,CAAA;AAED,MAAM,oBAAoB,GAAG;IACzB,OAAO,EAAE;QACL,SAAS,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC/B,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC;KAC3B;IACD,OAAO,EAAE;QACL,gDAAgD;QAChD,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;QACtC,MAAM,EAAE,CAAC,KAAK,CAAC;KAClB;IACD,SAAS,EAAE;QACP,SAAS,EAAE,CAAC,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,CAAC;QACrD,MAAM,EAAE,CAAC,KAAK,CAAC;KAClB;CACJ,CAAC;AAEF,SAAgB,wBAAwB;IACtC,qFAAqF;IACrF,oDAAoD;IAEpD,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,kBAAkB,EAAE,CAAC;QAC9B,KAAK,OAAO;YACV,OAAO,kBAAkB,EAAE,CAAC;QAC9B,KAAK,SAAS;YACZ,OAAO,oBAAoB,EAAE,CAAC;QAChC;YACE,IAAA,kBAAW,EAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;AAEH,CAAC;AAED,eAAe;AAEf,SAAS,kBAAkB;IACvB,MAAM,yBAAyB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAChE,MAAM,wBAAwB,GAAG,iBAAiB,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC,IAAI,cAAc,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9I,OAAO,wBAAwB,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB,CAAC,iBAA2B;IAClD,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QACtC,IAAA,kDAAkC,EAAC,OAAO,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,cAAc,CAAC,cAAwB;IAC5C,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,eAAe;AAEf,SAAS,kBAAkB;IACvB,MAAM,yBAAyB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAChE,OAAO,iBAAiB,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC,IAAI,cAAc,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC,CAAC;AACxH,CAAC;AAED,SAAS,iBAAiB,CAAC,iBAA2B;IAClD,MAAM,IAAI,GAAG,IAAA,iBAAY,EAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;IACrD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,cAAc,GAA2B,EAAE,CAAC;IAClD,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QACnB,uDAAuD;QACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpE,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,cAAc,CAAC,IAAI,IAAI,QAAQ,IAAI,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;AACpG,CAAC;AAED,SAAS,cAAc,CAAC,cAAwB;IAC5C,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,iBAAiB;AAEjB,SAAS,oBAAoB;IACzB,MAAM,2BAA2B,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACpE,OAAO,mBAAmB,CAAC,2BAA2B,CAAC,SAAS,CAAC,CAAC,IAAI,gBAAgB,CAAC,2BAA2B,CAAC,MAAM,CAAC,CAAC,CAAC;AAChI,CAAC;AAED,SAAS,mBAAmB,CAAC,iBAA2B;IACpD,kEAAkE;IAClE,MAAM,cAAc,GAAG,YAAE,CAAC,OAAO,EAAE,CAAC;IACpC,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;AAC5F,CAAC;AAED,SAAS,gBAAgB,CAAC,cAAwB;IAC9C,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAAA,CAAC;AAEF,sBAAsB;AAEtB,SAAS,WAAW;IAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,cAAc,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,yBAAkB,CAAC,yBAAyB,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,cAAc,CAAC;AAC1B,CAAC;AAED,SAAS,OAAO;IACZ,OAAO,OAAO,CAAC,IAAI,CAAC;AACxB,CAAC"}

lib/tools-features.js

@@ -40,12 +40,8 @@ const semver = __importStar(require("semver"));
 var ToolsFeature;
 (function (ToolsFeature) {
     ToolsFeature["AnalysisSummaryV2IsDefault"] = "analysisSummaryV2Default";
-    ToolsFeature["BuildModeOption"] = "buildModeOption";
     ToolsFeature["DatabaseInterpretResultsSupportsSarifRunProperty"] = "databaseInterpretResultsSupportsSarifRunProperty";
     ToolsFeature["IndirectTracingSupportsStaticBinaries"] = "indirectTracingSupportsStaticBinaries";
-    ToolsFeature["InformsAboutUnsupportedPathFilters"] = "informsAboutUnsupportedPathFilters";
-    ToolsFeature["SetsCodeqlRunnerEnvVar"] = "setsCodeqlRunnerEnvVar";
-    ToolsFeature["TraceCommandUseBuildMode"] = "traceCommandUseBuildMode";
     ToolsFeature["SarifMergeRunsFromEqualCategory"] = "sarifMergeRunsFromEqualCategory";
     ToolsFeature["ForceOverwrite"] = "forceOverwrite";
     ToolsFeature["PythonDefaultIsToNotExtractStdlib"] = "pythonDefaultIsToNotExtractStdlib";

lib/tools-features.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,0DAKC;AAcD,oDAIC;AA/CD,+CAAiC;AAIjC,IAAY,YAWX;AAXD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,mDAAmC,CAAA;IACnC,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;IACrD,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAXW,YAAY,4BAAZ,YAAY,QAWvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}
+{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,0DAKC;AAcD,oDAIC;AA3CD,+CAAiC;AAIjC,IAAY,YAOX;AAPD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAPW,YAAY,4BAAZ,YAAY,QAOvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}

lib/tools-features.test.js

@@ -8,14 +8,8 @@ const testing_utils_1 = require("./testing-utils");
 const tools_features_1 = require("./tools-features");
 (0, ava_1.default)("isSupportedToolsFeature", async (t) => {
     const versionInfo = (0, testing_utils_1.makeVersionInfo)("1.0.0");
-    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries));
-    versionInfo.features = { indirectTracingSupportsStaticBinaries: true };
-    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries));
-});
-(0, ava_1.default)("setsCodeqlRunnerEnvVar", async (t) => {
-    const versionInfo = (0, testing_utils_1.makeVersionInfo)("1.0.0");
-    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar));
-    versionInfo.features = { setsCodeqlRunnerEnvVar: true };
-    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar));
+    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.ForceOverwrite));
+    versionInfo.features = { forceOverwrite: true };
+    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.ForceOverwrite));
 });
 //# sourceMappingURL=tools-features.test.js.map

lib/tools-features.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.test.js","sourceRoot":"","sources":["../src/tools-features.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAAkD;AAClD,qDAAyE;AAEzE,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CACL,IAAA,wCAAuB,EACrB,WAAW,EACX,6BAAY,CAAC,qCAAqC,CACnD,CACF,CAAC;IAEF,WAAW,CAAC,QAAQ,GAAG,EAAE,qCAAqC,EAAE,IAAI,EAAE,CAAC;IAEvE,CAAC,CAAC,IAAI,CACJ,IAAA,wCAAuB,EACrB,WAAW,EACX,6BAAY,CAAC,qCAAqC,CACnD,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,wBAAwB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzC,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CACL,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,sBAAsB,CAAC,CAC1E,CAAC;IAEF,WAAW,CAAC,QAAQ,GAAG,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC;IAExD,CAAC,CAAC,IAAI,CACJ,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,sBAAsB,CAAC,CAC1E,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"tools-features.test.js","sourceRoot":"","sources":["../src/tools-features.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAAkD;AAClD,qDAAyE;AAEzE,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CAAC,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,cAAc,CAAC,CAAC,CAAC;IAE3E,WAAW,CAAC,QAAQ,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IAEhD,CAAC,CAAC,IAAI,CAAC,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,cAAc,CAAC,CAAC,CAAC;AAC5E,CAAC,CAAC,CAAC"}

lib/tracer-config.js

@@ -40,17 +40,15 @@ exports.getCombinedTracerConfig = getCombinedTracerConfig;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const languages_1 = require("./languages");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function shouldEnableIndirectTracing(codeql, config) {
+async function shouldEnableIndirectTracing(_codeql, config) {
     // We don't need to trace build mode none, or languages which unconditionally don't need tracing.
     if (config.buildMode === util_1.BuildMode.None) {
         return false;
     }
     // If the CLI supports `trace-command` with a `--build-mode`, we'll use direct tracing instead of
     // indirect tracing.
-    if (config.buildMode === util_1.BuildMode.Autobuild &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode === util_1.BuildMode.Autobuild) {
         return false;
     }
     // Otherwise, use direct tracing if any of the languages need to be traced.
@@ -98,18 +96,6 @@ async function getCombinedTracerConfig(codeql, config) {
     if (!(await shouldEnableIndirectTracing(codeql, config))) {
         return undefined;
     }
-    const mainTracerConfig = await getTracerConfigForCluster(config);
-    // If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
-    // the runner executable path, we set it here in the Action.
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar))) {
-        // On macOS when System Integrity Protection is enabled, it's necessary to prefix
-        // the build command with the runner executable for indirect tracing, so we expose
-        // it here via the CODEQL_RUNNER environment variable.
-        // The executable also exists and works for other platforms so we unconditionally
-        // set the environment variable.
-        const runnerExeName = process.platform === "win32" ? "runner.exe" : "runner";
-        mainTracerConfig.env["CODEQL_RUNNER"] = path.join(mainTracerConfig.env["CODEQL_DIST"], "tools", mainTracerConfig.env["CODEQL_PLATFORM"], runnerExeName);
-    }
-    return mainTracerConfig;
+    return await getTracerConfigForCluster(config);
 }
 //# sourceMappingURL=tracer-config.js.map

lib/tracer-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAoBC;AAWD,oDAoCC;AAED,8DAeC;AAED,0DA6BC;AAjID,uCAAyB;AACzB,2CAA6B;AAI7B,2CAA+C;AAE/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc;IAEd,iGAAiG;IACjG,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iGAAiG;IACjG,oBAAoB;IACpB,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,SAAS;QACxC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2EAA2E;IAC3E,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAE,OAAO;IAEjE,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA,kEAiBC;AAWD,oDAoCC;AAED,8DAeC;AAED,0DASC;AAzGD,uCAAyB;AACzB,2CAA6B;AAI7B,2CAA+C;AAE/C,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAAc;IAEd,iGAAiG;IACjG,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iGAAiG;IACjG,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,SAAS,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2EAA2E;IAC3E,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAE,OAAO;IAEjE,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC"}

lib/tracer-config.test.js

@@ -59,7 +59,7 @@ function getTestConfig(tempDir) {
         t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0"), config), undefined);
     });
 });
-(0, ava_1.default)("getCombinedTracerConfig - with start-tracing.json environment file", async (t) => {
+(0, ava_1.default)("getCombinedTracerConfig", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         const config = getTestConfig(tmpDir);
         const bundlePath = path.join(tmpDir, "bundle");
@@ -79,41 +79,6 @@ function getTestConfig(tempDir) {
         fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
         const result = await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0"), config);
         t.notDeepEqual(result, undefined);
-        const expectedEnv = startTracingEnv;
-        if (process.platform === "win32") {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/win64/runner.exe");
-        }
-        else if (process.platform === "darwin") {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/osx64/runner");
-        }
-        else {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/linux64/runner");
-        }
-        t.deepEqual(result, {
-            env: expectedEnv,
-        });
-    });
-});
-(0, ava_1.default)("getCombinedTracerConfig - with SetsCodeqlRunnerEnvVar feature enabled in CLI", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const bundlePath = path.join(tmpDir, "bundle");
-        const codeqlPlatform = process.platform === "win32"
-            ? "win64"
-            : process.platform === "darwin"
-                ? "osx64"
-                : "linux64";
-        const startTracingEnv = {
-            foo: "bar",
-            CODEQL_DIST: bundlePath,
-            CODEQL_PLATFORM: codeqlPlatform,
-        };
-        const tracingEnvironmentDir = path.join(config.dbLocation, "temp", "tracingEnvironment");
-        fs.mkdirSync(tracingEnvironmentDir, { recursive: true });
-        const startTracingJson = path.join(tracingEnvironmentDir, "start-tracing.json");
-        fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
-        const result = await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0", { setsCodeqlRunnerEnvVar: true }), config);
-        t.notDeepEqual(result, undefined);
         t.false(Object.prototype.hasOwnProperty.call(result?.env, "CODEQL_RUNNER"));
     });
 });

lib/tracer-config.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.test.js","sourceRoot":"","sources":["../src/tracer-config.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AAGvB,2CAAuC;AACvC,mDAIyB;AACzB,mDAA0D;AAC1D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,IAAA,gCAAgB,EAAC;QACtB,SAAS,EAAE,CAAC,oBAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;KACtD,CAAC,CAAC;AACL,CAAC;AAED,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,sBAAsB;QACtB,MAAM,CAAC,SAAS,GAAG,CAAC,oBAAQ,CAAC,UAAU,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC,CAAC,SAAS,CACT,MAAM,IAAA,uCAAuB,EAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,EACjE,SAAS,CACV,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oEAAoE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAC1B,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,WAAW,GAAG,eAAe,CAAC;QAEpC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,wBAAwB,CACzB,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,oBAAoB,CACrB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,sBAAsB,CACvB,CAAC;QACJ,CAAC;QAED,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE;YAClB,GAAG,EAAE,WAAW;SACjB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8EAA8E,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/F,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC,EAC5D,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"tracer-config.test.js","sourceRoot":"","sources":["../src/tracer-config.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AAGvB,2CAAuC;AACvC,mDAIyB;AACzB,mDAA0D;AAC1D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,IAAA,gCAAgB,EAAC;QACtB,SAAS,EAAE,CAAC,oBAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;KACtD,CAAC,CAAC;AACL,CAAC;AAED,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,sBAAsB;QACtB,MAAM,CAAC,SAAS,GAAG,CAAC,oBAAQ,CAAC,UAAU,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC,CAAC,SAAS,CACT,MAAM,IAAA,uCAAuB,EAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,EACjE,SAAS,CACV,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAC1B,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/upload-lib.js

@@ -40,10 +40,13 @@ exports.InvalidSarifUploadError = void 0;
 exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 exports.findSarifFilesInDir = findSarifFilesInDir;
+exports.readSarifFile = readSarifFile;
 exports.validateSarifFileSchema = validateSarifFileSchema;
 exports.buildPayload = buildPayload;
 exports.uploadFiles = uploadFiles;
 exports.waitForProcessing = waitForProcessing;
+exports.shouldConsiderConfigurationError = shouldConsiderConfigurationError;
+exports.shouldConsiderInvalidRequest = shouldConsiderInvalidRequest;
 exports.validateUniqueCategory = validateUniqueCategory;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
@@ -58,7 +61,7 @@ const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
-const diff_filtering_utils_1 = require("./diff-filtering-utils");
+const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const environment_1 = require("./environment");
 const fingerprints = __importStar(require("./fingerprints"));
 const gitUtils = __importStar(require("./git-utils"));
@@ -322,17 +325,24 @@ function countResultsInSarif(sarif) {
     }
     return numResults;
 }
-// Validates that the given file path refers to a valid SARIF file.
-// Throws an error if the file is invalid.
-function validateSarifFileSchema(sarifFilePath, logger) {
-    logger.info(`Validating ${sarifFilePath}`);
-    let sarif;
+function readSarifFile(sarifFilePath) {
     try {
-        sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
+        return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
     }
     catch (e) {
         throw new InvalidSarifUploadError(`Invalid SARIF. JSON syntax error: ${(0, util_1.getErrorMessage)(e)}`);
     }
+}
+// Validates the given SARIF object and throws an error if the SARIF object is invalid.
+// The file path is only used in error messages to improve clarity.
+function validateSarifFileSchema(sarif, sarifFilePath, logger) {
+    if (areAllRunsProducedByCodeQL([sarif]) &&
+        // We want to validate CodeQL SARIF in testing environments.
+        !util.getTestingEnvironment()) {
+        logger.debug(`Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.`);
+        return;
+    }
+    logger.info(`Validating ${sarifFilePath}`);
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const schema = require("../src/sarif-schema-2.1.0.json");
     const result = new jsonschema.Validator().validate(sarif, schema);
@@ -400,19 +410,28 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
     return payloadObj;
 }
 /**
- * Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers
+ * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
  */
-async function uploadFiles(sarifPath, checkoutPath, category, features, logger) {
-    const sarifFiles = getSarifFilePaths(sarifPath);
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger) {
+    const sarifPaths = getSarifFilePaths(inputSarifPath);
     logger.startGroup("Uploading results");
-    logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
+    logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-    // Validate that the files we were asked to upload are all valid SARIF files
-    for (const file of sarifFiles) {
-        validateSarifFileSchema(file, logger);
+    let sarif;
+    if (sarifPaths.length > 1) {
+        // Validate that the files we were asked to upload are all valid SARIF files
+        for (const sarifPath of sarifPaths) {
+            const parsedSarif = readSarifFile(sarifPath);
+            validateSarifFileSchema(parsedSarif, sarifPath, logger);
+        }
+        sarif = await combineSarifFilesUsingCLI(sarifPaths, gitHubVersion, features, logger);
+    }
+    else {
+        const sarifPath = sarifPaths[0];
+        sarif = readSarifFile(sarifPath);
+        validateSarifFileSchema(sarif, sarifPath, logger);
     }
-    let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
     sarif = filterAlertsByDiffRange(logger, sarif);
     sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
     const analysisKey = await api.getAnalysisKey();
@@ -524,9 +543,12 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
  * Returns whether the provided processing errors are a configuration error.
  */
 function shouldConsiderConfigurationError(processingErrors) {
+    const expectedConfigErrors = [
+        "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
+        "rejecting delivery as the repository has too many logical alerts",
+    ];
     return (processingErrors.length === 1 &&
-        processingErrors[0] ===
-            "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled");
+        expectedConfigErrors.some((msg) => processingErrors[0].includes(msg)));
 }
 /**
  * Returns whether the provided processing errors are the result of an invalid SARIF upload request.
@@ -610,7 +632,7 @@ class InvalidSarifUploadError extends Error {
 }
 exports.InvalidSarifUploadError = InvalidSarifUploadError;
 function filterAlertsByDiffRange(logger, sarif) {
-    const diffRanges = (0, diff_filtering_utils_1.readDiffRangesJsonFile)(logger);
+    const diffRanges = (0, diff_informed_analysis_utils_1.readDiffRangesJsonFile)(logger);
     if (!diffRanges?.length) {
         return sarif;
     }

lib/upload-lib.test.js

@@ -49,11 +49,11 @@ ava_1.default.beforeEach(() => {
 });
 (0, ava_1.default)("validateSarifFileSchema - valid", (t) => {
     const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`;
-    t.notThrows(() => uploadLib.validateSarifFileSchema(inputFile, (0, logging_1.getRunnerLogger)(true)));
+    t.notThrows(() => uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(inputFile), inputFile, (0, logging_1.getRunnerLogger)(true)));
 });
 (0, ava_1.default)("validateSarifFileSchema - invalid", (t) => {
     const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`;
-    t.throws(() => uploadLib.validateSarifFileSchema(inputFile, (0, logging_1.getRunnerLogger)(true)));
+    t.throws(() => uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(inputFile), inputFile, (0, logging_1.getRunnerLogger)(true)));
 });
 (0, ava_1.default)("validate correct payload used for push, PR merge commit, and PR head", async (t) => {
     process.env["GITHUB_EVENT_NAME"] = "push";
@@ -202,7 +202,7 @@ ava_1.default.beforeEach(() => {
         },
     };
     const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
-    uploadLib.validateSarifFileSchema(sarifFile, mockLogger);
+    uploadLib.validateSarifFileSchema(uploadLib.readSarifFile(sarifFile), sarifFile, mockLogger);
     t.deepEqual(loggedMessages.length, 3);
     t.deepEqual(loggedMessages[1], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].tool.driver.rules[0].helpUri'.", "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
 });
@@ -244,6 +244,41 @@ ava_1.default.beforeEach(() => {
         type: util_1.GitHubVariant.DOTCOM,
     }));
 });
+(0, ava_1.default)("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
+    const error1 = [
+        "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
+    ];
+    t.true(uploadLib.shouldConsiderConfigurationError(error1));
+    const error2 = [
+        "rejecting delivery as the repository has too many logical alerts",
+    ];
+    t.true(uploadLib.shouldConsiderConfigurationError(error2));
+    // We fail cases where we get > 1 error messages back
+    const error3 = [
+        "rejecting delivery as the repository has too many alerts",
+        "extra error message",
+    ];
+    t.false(uploadLib.shouldConsiderConfigurationError(error3));
+});
+(0, ava_1.default)("shouldConsiderInvalidRequest returns correct recognises processing errors", (t) => {
+    const error1 = [
+        "rejecting SARIF",
+        "an invalid URI was provided as a SARIF location",
+    ];
+    t.true(uploadLib.shouldConsiderInvalidRequest(error1));
+    const error2 = [
+        "locationFromSarifResult: expected artifact location",
+        "an invalid URI was provided as a SARIF location",
+    ];
+    t.true(uploadLib.shouldConsiderInvalidRequest(error2));
+    // We expect ALL errors to be of processing errors, for the outcome to be classified as
+    // an invalid SARIF upload error.
+    const error3 = [
+        "could not convert rules: invalid security severity value, is not a number",
+        "an unknown error occurred",
+    ];
+    t.false(uploadLib.shouldConsiderInvalidRequest(error3));
+});
 function createMockSarif(id, tool) {
     return {
         runs: [