Merge pull request #1527 from github/aeisenberg/qlconfig-in-cli

Ensure qlconfig file is created when config parsing in cli is on
Address comments from PR
2026-05-03 12:20:09 +00:00 · 2023-02-27 10:26:08 -08:00 · 2023-02-27 09:59:16 -08:00 · 2023-02-27 11:02:00 +00:00 · 2023-02-27 09:35:51 +00:00 · 2023-02-27 09:33:05 +00:00
154 changed files with 77768 additions and 56297 deletions
@@ -33,6 +33,12 @@
            "alphabetize": {"order": "asc"},
            "newlines-between": "always"
        }],
+        "max-len": ["error", {
+            "code": 120,
+            "ignoreUrls": true,
+            "ignoreStrings": true,
+            "ignoreTemplateLiterals": true
+        }],
        "no-async-foreach/no-async-foreach": "error",
        "no-console": "off",
        "no-sequences": "error",
@@ -2,9 +2,11 @@ name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
  version:
+    description: "The version of the CodeQL CLI to use. Can be 'latest', 'cached', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
    required: true
 outputs:
  tools-url:
+    description: "The value that should be passed as the 'tools' input of the 'init' step."
    value: ${{ steps.get-url.outputs.tools-url }}
 runs:
  using: composite
@@ -20,6 +22,7 @@ runs:
      name: Determine URL
      shell: bash
      run: |
+        set -e # Fail this Action if `gh release list` fails.
        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
          export LATEST=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$LATEST/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
@@ -34,5 +37,6 @@ runs:
        elif [[ ${{ inputs.version }} == "cached" ]]; then
          echo "tools-url=" >> $GITHUB_OUTPUT
        else
-          echo "::error Unrecognized version specified!"
+          echo "::error::Unrecognized version specified!"
+          exit 1
        fi
@@ -161,7 +161,7 @@ def update_changelog(version):
  else:
    content = EMPTY_CHANGELOG

-  newContent = content.replace('[UNRELEASED]', f'${version} - {get_today_string()}', 1)
+  newContent = content.replace('[UNRELEASED]', f'{version} - {get_today_string()}', 1)

  with open('CHANGELOG.md', 'w') as f:
    f.write(newContent)
@@ -25,6 +25,18 @@ jobs:
    strategy:
      matrix:
        include:
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-latest
+          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -75,5 +87,35 @@ jobs:
            echo "::error $CODEQL_PACK1 pack was not installed."
            exit 1
        fi
+
+    - name: Verify qlconfig.yml file was created
+      shell: bash
+      run: |
+        QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
+        echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
+        if [[ -f $QLCONFIG_PATH ]]
+        then
+            echo "qlconfig.yml file was created."
+        else
+            echo "::error qlconfig.yml file was not created."
+            exit 1
+        fi
+
+    - name: Verify contents of qlconfig.yml
+    # yq is not available on windows
+      if: runner.os != 'Windows'
+      shell: bash
+      run: |
+        QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
+        cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
+        if [[ $? -eq 0 ]]
+        then
+            echo "Registry was added to qlconfig.yml file."
+        else
+            echo "::error Registry was not added to qlconfig.yml file."
+            echo "Contents of qlconfig.yml file:"
+            cat $QLCONFIG_PATH
+            exit 1
+        fi
    env:
      CODEQL_ACTION_TEST_MODE: true
@@ -54,6 +54,7 @@ jobs:
      shell: bash
      run: pwd
    - uses: ./../action/autobuild
+      timeout-minutes: 10
    - uses: ./../action/analyze
      id: analysis
    - name: Check database
@@ -1,4 +1,4 @@
-name: Test Python Package Installation on Linux and Mac
+name: Test Python Package Installation

 on:
  push:
@@ -144,6 +144,7 @@ jobs:
        python-version: ${{ matrix.python_version }}

    - name: Initialize CodeQL
+      id: init
      uses: ./init
      with:
        tools: latest
@@ -151,15 +152,15 @@ jobs:
        setup-python-dependencies: false

    - name: Test Auto Package Installation
+      env:
+        CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
      run: |
        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\install_tools.ps1"
        powershell -File $cmd

        cd $Env:GITHUB_WORKSPACE\\python-setup/tests/$Env:PYTHON_DEPS_TYPE/requests-$Env:PYTHON_VERSION
-        $DefaultsPath = Join-Path (Join-Path $Env:GITHUB_WORKSPACE "src") "defaults.json"
-        $CodeQLBundleName = (Get-Content -Raw -Path $DefaultsPath | ConvertFrom-Json).bundleVersion
-        $CodeQLVersion = "0.0.0-" + $CodeQLBundleName.split("-")[-1]
-        py -3 $Env:GITHUB_WORKSPACE\\python-setup\\auto_install_packages.py C:\\hostedtoolcache\\windows\\CodeQL\\$CodeQLVersion\\x64\\codeql
+        $codeql_dist = (get-item $Env:CODEQL_PATH).Directory.FullName
+        py -3 $Env:GITHUB_WORKSPACE\\python-setup\\auto_install_packages.py $codeql_dist

    - name: Setup for extractor
      run: |
@@ -7,14 +7,9 @@ if [ ! -z "$(git status --porcelain)" ]; then
    >&2 echo "Failed: Repo should be clean before testing!"
    exit 1
 fi
-# Pin npm to v8 since v9 doesn't support Node 12.
-# When updating this, make sure to update the npm version in
-# `.github/workflows/update-dependencies.yml` too.
-sudo npm install --force -g npm@^8.19.3
-# Reinstall modules and then clean to remove absolute paths
-# Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
-npm ci
-npm run removeNPMAbsolutePaths
+
+"$(dirname "$0")/update-node-modules.sh" check-only
+
 # Check that repo is still clean
 if [ ! -z "$(git status --porcelain)" ]; then
    # If we get a fail here then the PR needs attention
@@ -0,0 +1,18 @@
+if [ "$1" != "update" && "$1" != "check-only" ]; then
+    >&2 echo "Failed: Invalid argument. Must be 'update' or 'check-only'"
+    exit 1
+fi
+
+sudo npm install --force -g npm@9.2.0
+
+# clean the npm cache to ensure we don't have any files owned by root
+sudo npm cache clean --force
+
+if [ "$1" = "update" ]; then
+    npm install
+fi
+
+# Reinstall modules and then clean to remove absolute paths
+# Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
+npm ci
+npm run removeNPMAbsolutePaths
@@ -27,13 +27,7 @@ jobs:
      run: |
        git fetch origin "$BRANCH" --depth=1
        git checkout "origin/$BRANCH"
-        # Pin npm to v8 since v9 doesn't support Node 12.
-        # When updating this, make sure to update the npm version in
-        # `.github/workflows/script/check-node-modules.sh` too.
-        sudo npm install --force -g npm@^8.19.3
-        npm install
-        npm ci
-        npm run removeNPMAbsolutePaths
+        .github/workflows/script/update-node-modules.sh update
        if [ ! -z "$(git status --porcelain)" ]; then
          git config --global user.email "github-actions@github.com"
          git config --global user.name "github-actions[bot]"
@@ -2,6 +2,30 @@

 ## [UNRELEASED]

+No user facing changes.
+
+## 2.2.5 - 24 Feb 2023
+
+- Update default CodeQL bundle version to 2.12.3. [#1543](https://github.com/github/codeql-action/pull/1543)
+
+## 2.2.4 - 10 Feb 2023
+
+No user facing changes.
+
+## 2.2.3 - 08 Feb 2023
+
+- Update default CodeQL bundle version to 2.12.2. [#1518](https://github.com/github/codeql-action/pull/1518)
+
+## 2.2.2 - 06 Feb 2023
+
+- Fix an issue where customers using the CodeQL Action with the [CodeQL Action sync tool](https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access) would not be able to obtain the CodeQL tools. [#1517](https://github.com/github/codeql-action/pull/1517)
+
+## 2.2.1 - 27 Jan 2023
+
+No user facing changes.
+
+## 2.2.0 - 26 Jan 2023
+
 - Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. [#1475](https://github.com/github/codeql-action/pull/1475)
  - This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions [runner images](https://github.com/actions/runner-images).
  - **No change is required for the majority of workflows**, including:
@@ -15,6 +39,8 @@
    - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache.
    - The tool cache now contains **two** recent CodeQL versions (previously **one**).
    - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`).
+- The maximum number of [SARIF runs](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object) per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the [GitHub API documentation](https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data) for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.
+- Update default CodeQL bundle version to 2.12.1. [#1498](https://github.com/github/codeql-action/pull/1498)
 - Fix a bug that forced the `init` Action to run for at least two minutes on JavaScript. [#1494](https://github.com/github/codeql-action/pull/1494)

 ## 2.1.39 - 18 Jan 2023
@@ -67,12 +67,8 @@ Here are a few things you can do that will increase the likelihood of your pull
    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.

    Approve the mergeback PR and automerge it.
-1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch.
-    This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported.

-    Review the checklist items in the pull request description.
-    Once you've checked off all the items, approve the PR and automerge it.
-1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete.
+Once the mergeback has been merged to `main`, the release is complete.

 ## Keeping the PR checks up to date (admin access required)

@@ -1,6 +1,6 @@
 # CodeQL Action

-This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
+This action runs GitHub's industry-leading semantic code analysis engine, [CodeQL](https://codeql.github.com/), against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.

 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).

@@ -29,7 +29,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.runPromise = exports.sendStatusReport = void 0;
 const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
-// We need to import `performance` on Node 12
 const perf_hooks_1 = require("perf_hooks");
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
@@ -29,7 +29,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateQueryFilters = exports.runCleanup = exports.runFinalize = exports.createQuerySuiteContents = exports.convertPackToQuerySuiteEntry = exports.runQueries = exports.dbIsFinalized = exports.createdDBForScannedLanguages = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const perf_hooks_1 = require("perf_hooks"); // We need to import `performance` on Node 12
+const perf_hooks_1 = require("perf_hooks");
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
@@ -126,6 +126,7 @@ async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger)
 async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger, featureEnablement) {
    const statusReport = {};
    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    const queryFlags = [memoryFlag, threadsFlag];
    await util.logCodeScanningConfigInCli(codeql, featureEnablement, logger);
    for (const language of config.languages) {
        const queries = config.queries[language];
@@ -140,7 +141,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                // another to interpret the results.
                logger.startGroup(`Running queries for ${language}`);
                const startTimeBuiltIn = new Date().getTime();
-                await runQueryGroup(language, "all", undefined, undefined);
+                await runQueryGroup(language, "all", undefined, undefined, true);
                // TODO should not be using `builtin` here. We should be using `all` instead.
                // The status report does not support `all` yet.
                statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
@@ -164,24 +165,29 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                    !hasPackWithCustomQueries) {
                    throw new Error(`Unable to analyze ${language} as no queries were selected for this language`);
                }
+                const customQueryIndices = [];
+                for (let i = 0; i < queries.custom.length; ++i) {
+                    if (queries.custom[i].queries.length > 0) {
+                        customQueryIndices.push(i);
+                    }
+                }
                logger.startGroup(`Running queries for ${language}`);
                const querySuitePaths = [];
-                if (queries["builtin"].length > 0) {
+                if (queries.builtin.length > 0) {
                    const startTimeBuiltIn = new Date().getTime();
-                    querySuitePaths.push((await runQueryGroup(language, "builtin", createQuerySuiteContents(queries["builtin"], queryFilters), undefined)));
+                    querySuitePaths.push((await runQueryGroup(language, "builtin", createQuerySuiteContents(queries.builtin, queryFilters), undefined, customQueryIndices.length === 0 && packsWithVersion.length === 0)));
                    statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
                        new Date().getTime() - startTimeBuiltIn;
                }
                const startTimeCustom = new Date().getTime();
                let ranCustom = false;
-                for (let i = 0; i < queries["custom"].length; ++i) {
-                    if (queries["custom"][i].queries.length > 0) {
-                        querySuitePaths.push((await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries["custom"][i].queries, queryFilters), queries["custom"][i].searchPath)));
-                        ranCustom = true;
-                    }
+                for (const i of customQueryIndices) {
+                    querySuitePaths.push((await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries.custom[i].queries, queryFilters), queries.custom[i].searchPath, i === customQueryIndices[customQueryIndices.length - 1] &&
+                        packsWithVersion.length === 0)));
+                    ranCustom = true;
                }
                if (packsWithVersion.length > 0) {
-                    querySuitePaths.push(await runQueryPacks(language, "packs", packsWithVersion, queryFilters));
+                    querySuitePaths.push(await runQueryPacks(language, "packs", packsWithVersion, queryFilters, true));
                    ranCustom = true;
                }
                if (ranCustom) {
@@ -218,7 +224,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        const databasePath = util.getCodeQLDatabasePath(config, language);
        return await codeql.databasePrintBaseline(databasePath);
    }
-    async function runQueryGroup(language, type, querySuiteContents, searchPath) {
+    async function runQueryGroup(language, type, querySuiteContents, searchPath, optimizeForLastQueryRun) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
        // Pass the queries to codeql using a file instead of using the command
        // line to avoid command line length restrictions, particularly on windows.
@@ -229,11 +235,11 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
            fs.writeFileSync(querySuitePath, querySuiteContents);
            logger.debug(`Query suite file for ${language}-${type}...\n${querySuiteContents}`);
        }
-        await codeql.databaseRunQueries(databasePath, searchPath, querySuitePath, memoryFlag, threadsFlag);
+        await codeql.databaseRunQueries(databasePath, searchPath, querySuitePath, queryFlags, optimizeForLastQueryRun);
        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
        return querySuitePath;
    }
-    async function runQueryPacks(language, type, packs, queryFilters) {
+    async function runQueryPacks(language, type, packs, queryFilters, optimizeForLastQueryRun) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
        for (const pack of packs) {
            logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
@@ -243,7 +249,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        const querySuitePath = `${databasePath}-queries-${type}.qls`;
        fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
-        await codeql.databaseRunQueries(databasePath, undefined, querySuitePath, memoryFlag, threadsFlag);
+        await codeql.databaseRunQueries(databasePath, undefined, querySuitePath, queryFlags, optimizeForLastQueryRun);
        return querySuitePath;
    }
 }
@@ -30,8 +30,10 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const yaml = __importStar(require("js-yaml"));
+const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
@@ -188,6 +190,126 @@ const util = __importStar(require("./util"));
        }
    }
 });
+function mockCodeQL() {
+    return {
+        getVersion: async () => "2.12.2",
+        databaseRunQueries: sinon.spy(),
+        databaseInterpretResults: async () => "",
+        databasePrintBaseline: async () => "",
+    };
+}
+function createBaseConfig(tmpDir) {
+    return {
+        languages: [],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir: "tempDir",
+        codeQLCmd: "",
+        gitHubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
+        dbLocation: path.resolve(tmpDir, "codeql_databases"),
+        packs: {},
+        debugMode: false,
+        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        augmentationProperties: {
+            injectedMlQueries: false,
+            packsInputCombines: false,
+            queriesInputCombines: false,
+        },
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
+    };
+}
+function createQueryConfig(builtin, custom) {
+    return {
+        builtin,
+        custom: custom.map((c) => ({ searchPath: "/search", queries: [c] })),
+    };
+}
+async function runQueriesWithConfig(config, features) {
+    for (const language of config.languages) {
+        fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
+            recursive: true,
+        });
+    }
+    return (0, analyze_1.runQueries)("sarif-folder", "--memFlag", "--addSnippetsFlag", "--threadsFlag", undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)(features));
+}
+function getDatabaseRunQueriesCalls(mock) {
+    return mock.databaseRunQueries.getCalls();
+}
+(0, ava_1.default)("optimizeForLastQueryRun for one language", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp];
+        config.queries.cpp = createQueryConfig(["foo.ql"], []);
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        config.queries.cpp = createQueryConfig(["foo.ql"], []);
+        config.queries.java = createQueryConfig(["bar.ql"], []);
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true, true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages, with custom queries", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        config.queries.cpp = createQueryConfig(["foo.ql"], ["c1.ql", "c2.ql"]);
+        config.queries.java = createQueryConfig(["bar.ql"], ["c3.ql"]);
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [false, false, true, false, true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages, with custom queries and packs", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        config.queries.cpp = createQueryConfig(["foo.ql"], ["c1.ql", "c2.ql"]);
+        config.queries.java = createQueryConfig(["bar.ql"], ["c3.ql"]);
+        config.packs.cpp = ["a/cpp-pack1@0.1.0"];
+        config.packs.java = ["b/java-pack1@0.2.0", "b/java-pack2@0.3.3"];
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [false, false, false, true, false, false, true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for one language, CliConfigFileEnabled", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp];
+        await runQueriesWithConfig(config, [feature_flags_1.Feature.CliConfigFileEnabled]);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages, CliConfigFileEnabled", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        await runQueriesWithConfig(config, [feature_flags_1.Feature.CliConfigFileEnabled]);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true, true]);
+    });
+});
 (0, ava_1.default)("validateQueryFilters", (t) => {
    t.notThrows(() => (0, analyze_1.validateQueryFilters)([]));
    t.notThrows(() => (0, analyze_1.validateQueryFilters)(undefined));
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -94,6 +94,14 @@ exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = "2.9.0";
 * --extractor-options-verbosity that we need.
 */
 exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
+/**
+ * Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for each language.
+ */
+exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
+/**
+ * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig` flag in calls to `database init`.
+ */
+exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
 /**
 * Set up CodeQL CLI access.
 *
@@ -101,16 +109,15 @@ exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
 * @param apiDetails
 * @param tempDir
 * @param variant
- * @param bypassToolcache
 * @param defaultCliVersion
 * @param logger
 * @param checkVersion Whether to check that CodeQL CLI meets the minimum
 *        version requirement. Must be set to true outside tests.
 * @returns a { CodeQL, toolsVersion } object.
 */
-async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger, checkVersion) {
+async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
    try {
-        const { codeqlFolder, toolsVersion } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger);
+        const { codeqlFolder, toolsDownloadDurationMs, toolsSource, toolsVersion } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
        let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
        if (process.platform === "win32") {
            codeqlCmd += ".exe";
@@ -119,7 +126,12 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, bypassToolc
            throw new Error(`Unsupported platform: ${process.platform}`);
        }
        cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
-        return { codeql: cachedCodeQL, toolsVersion };
+        return {
+            codeql: cachedCodeQL,
+            toolsDownloadDurationMs,
+            toolsSource,
+            toolsVersion,
+        };
    }
    catch (e) {
        logger.error(e instanceof Error ? e : new Error(String(e)));
@@ -294,7 +306,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...getExtraOptionsFromEnv(["database", "init"]),
            ]);
        },
-        async databaseInitCluster(config, sourceRoot, processName, featureEnablement, logger) {
+        async databaseInitCluster(config, sourceRoot, processName, featureEnablement, qlconfigFile, logger) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
            if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
                extraArgs.push("--begin-tracing");
@@ -312,17 +324,20 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                    extraArgs.push("--no-internal-use-lua-tracing");
                }
            }
-            // A config file is only generated if the CliConfigFileEnabled feature flag is enabled.
-            const configLocation = await generateCodeScanningConfig(codeql, config, featureEnablement, logger);
+            // A code scanning config file is only generated if the CliConfigFileEnabled feature flag is enabled.
+            const codeScanningConfigFile = await generateCodeScanningConfig(codeql, config, featureEnablement, logger);
            // Only pass external repository token if a config file is going to be parsed by the CLI.
            let externalRepositoryToken;
-            if (configLocation) {
-                extraArgs.push(`--codescanning-config=${configLocation}`);
+            if (codeScanningConfigFile) {
                externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
+                extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
                if (externalRepositoryToken) {
                    extraArgs.push("--external-repository-token-stdin");
                }
            }
+            if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG)) {
+                extraArgs.push(`--qlconfig=${qlconfigFile}`);
+            }
            await runTool(cmd, [
                "database",
                "init",
@@ -464,17 +479,20 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                throw new Error(`Unexpected output from codeql resolve queries: ${e}`);
            }
        },
-        async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, memoryFlag, threadsFlag) {
+        async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, flags, optimizeForLastQueryRun) {
            const codeqlArgs = [
                "database",
                "run-queries",
-                memoryFlag,
-                threadsFlag,
+                ...flags,
                databasePath,
                "--min-disk-free=1024",
                "-v",
                ...getExtraOptionsFromEnv(["database", "run-queries"]),
            ];
+            if (optimizeForLastQueryRun &&
+                (await util.supportExpectDiscardedCache(this))) {
+                codeqlArgs.push("--expect-discarded-cache");
+            }
            if (extraSearchPath !== undefined) {
                codeqlArgs.push("--additional-packs", extraSearchPath);
            }
@@ -707,7 +725,7 @@ async function generateCodeScanningConfig(codeql, config, featureEnablement, log
    if (!(await util.useCodeScanningConfigInCli(codeql, featureEnablement))) {
        return;
    }
-    const configLocation = path.resolve(config.tempDir, "user-config.yaml");
+    const codeScanningConfigFile = path.resolve(config.tempDir, "user-config.yaml");
    // make a copy so we can modify it
    const augmentedConfig = cloneObject(config.originalUserInput);
    // Inject the queries from the input
@@ -761,12 +779,12 @@ async function generateCodeScanningConfig(codeql, config, featureEnablement, log
            augmentedConfig.packs["javascript"].push(packString);
        }
    }
-    logger.info(`Writing augmented user configuration file to ${configLocation}`);
+    logger.info(`Writing augmented user configuration file to ${codeScanningConfigFile}`);
    logger.startGroup("Augmented user configuration file contents");
    logger.info(yaml.dump(augmentedConfig));
    logger.endGroup();
-    fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
-    return configLocation;
+    fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig));
+    return codeScanningConfigFile;
 }
 function cloneObject(obj) {
    return JSON.parse(JSON.stringify(obj));
@@ -42,6 +42,7 @@ const api = __importStar(require("./api-client"));
 const codeql = __importStar(require("./codeql"));
 const defaults = __importStar(require("./defaults.json"));
 const feature_flags_1 = require("./feature-flags");
+const init_1 = require("./init");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
@@ -96,7 +97,7 @@ ava_1.default.beforeEach(() => {
 * @returns the download URL for the bundle. This can be passed to the tools parameter of
 * `codeql.setupCodeQL`.
 */
-function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, }) {
+function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, repo = "github/codeql-action", platformSpecific = true, tagName, }) {
    const platform = process.platform === "win32"
        ? "win64"
        : process.platform === "linux"
@@ -104,7 +105,7 @@ function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, })
            : "osx64";
    const baseUrl = apiDetails?.url ?? "https://example.com";
    const relativeUrl = apiDetails
-        ? `/github/codeql-action/releases/download/${tagName}/codeql-bundle-${platform}.tar.gz`
+        ? `/${repo}/releases/download/${tagName}/codeql-bundle${platformSpecific ? `-${platform}` : ""}.tar.gz`
        : `/download/${tagName}/codeql-bundle.tar.gz`;
    (0, nock_1.default)(baseUrl)
        .get(relativeUrl)
@@ -113,7 +114,7 @@ function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, })
 }
 async function installIntoToolcache({ apiDetails = sampleApiDetails, cliVersion, isPinned, tagName, tmpDir, }) {
    const url = mockDownloadApi({ apiDetails, isPinned, tagName });
-    await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, false, cliVersion !== undefined
+    await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, cliVersion !== undefined
        ? { cliVersion, tagName, variant: util.GitHubVariant.GHES }
        : SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
 }
@@ -152,9 +153,11 @@ function mockApiDetails(apiDetails) {
                tagName: `codeql-bundle-${version}`,
                isPinned: false,
            });
-            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
            t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
            t.is(result.toolsVersion, `0.0.0-${version}`);
+            t.is(result.toolsSource, init_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        }
        t.is(toolcache.findAllVersions("CodeQL").length, 2);
    });
@@ -170,9 +173,11 @@ function mockApiDetails(apiDetails) {
        const url = mockDownloadApi({
            tagName: "codeql-bundle-20200610",
        });
-        const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
        t.deepEqual(result.toolsVersion, "0.0.0-20200610");
+        t.is(result.toolsSource, init_1.ToolsSource.Download);
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
    });
 });
 const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
@@ -202,65 +207,59 @@ for (const { cliVersion, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUN
            const url = mockDownloadApi({
                tagName: "codeql-bundle-20200610",
            });
-            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
            t.assert(releaseApiMock.isDone(), "Releases API should have been called");
            t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
            t.deepEqual(result.toolsVersion, cliVersion);
+            t.is(result.toolsSource, init_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        });
    });
 }
-for (const { isCached, tagName, toolcacheCliVersion } of [
+for (const { githubReleases, toolcacheVersion } of [
+    // Test that we use the tools from the toolcache when `SAMPLE_DEFAULT_CLI_VERSION` is requested
+    // and `SAMPLE_DEFAULT_CLI_VERSION-` is in the toolcache.
    {
-        isCached: true,
-        tagName: "codeql-bundle-20230101",
-        toolcacheCliVersion: SAMPLE_DEFAULT_CLI_VERSION.cliVersion,
+        toolcacheVersion: SAMPLE_DEFAULT_CLI_VERSION.cliVersion,
    },
    {
-        isCached: true,
-        // By leaving toolcacheCliVersion undefined, the bundle will be installed
-        // into the toolcache as `${SAMPLE_DEFAULT_CLI_VERSION.cliVersion}-20230101`.
-        // This lets us test that `x.y.z-yyyymmdd` toolcache versions are used if an
-        // `x.y.z` version isn't in the toolcache.
-        tagName: `codeql-bundle-${SAMPLE_DEFAULT_CLI_VERSION.cliVersion}-20230101`,
+        githubReleases: {
+            "codeql-bundle-20230101": `cli-version-${SAMPLE_DEFAULT_CLI_VERSION.cliVersion}.txt`,
+        },
+        toolcacheVersion: "0.0.0-20230101",
    },
    {
-        isCached: false,
-        tagName: "codeql-bundle-20230101",
+        toolcacheVersion: `${SAMPLE_DEFAULT_CLI_VERSION.cliVersion}-20230101`,
    },
 ]) {
-    (0, ava_1.default)(`uses default version on Dotcom when default version bundle ${tagName} is ${isCached ? "" : "not "}cached`, async (t) => {
+    (0, ava_1.default)(`uses tools from toolcache when ${SAMPLE_DEFAULT_CLI_VERSION.cliVersion} is requested and ` +
+        `${toolcacheVersion} is installed`, async (t) => {
        await util.withTmpDir(async (tmpDir) => {
            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            if (isCached) {
-                await installIntoToolcache({
-                    cliVersion: toolcacheCliVersion,
-                    tagName,
-                    isPinned: true,
-                    tmpDir,
-                });
-            }
-            else {
-                mockDownloadApi({
-                    tagName,
-                });
+            sinon
+                .stub(toolcache, "find")
+                .withArgs("CodeQL", toolcacheVersion)
+                .returns("path/to/cached/codeql");
+            sinon.stub(toolcache, "findAllVersions").returns([toolcacheVersion]);
+            if (githubReleases) {
                sinon.stub(api, "getApiClient").value(() => ({
                    repos: {
                        listReleases: sinon.stub().resolves(undefined),
                    },
-                    paginate: sinon.stub().resolves([
-                        {
-                            assets: [
-                                {
-                                    name: "cli-version-2.0.0.txt",
-                                },
-                            ],
-                            tag_name: tagName,
-                        },
-                    ]),
+                    paginate: sinon.stub().resolves(Object.entries(githubReleases).map(([releaseTagName, cliVersionMarkerFile]) => ({
+                        assets: [
+                            {
+                                name: cliVersionMarkerFile,
+                            },
+                        ],
+                        tag_name: releaseTagName,
+                    }))),
                }));
            }
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
            t.is(result.toolsVersion, SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
+            t.is(result.toolsSource, init_1.ToolsSource.Toolcache);
+            t.is(result.toolsDownloadDurationMs, undefined);
        });
    });
 }
@@ -273,12 +272,14 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
                isPinned: true,
                tmpDir,
            });
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, false, {
+            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, {
                cliVersion: defaults.cliVersion,
                tagName: defaults.bundleVersion,
                variant,
            }, (0, logging_1.getRunnerLogger)(true), false);
            t.deepEqual(result.toolsVersion, "0.0.0-20200601");
+            t.is(result.toolsSource, init_1.ToolsSource.Toolcache);
+            t.is(result.toolsDownloadDurationMs, undefined);
            const cachedVersions = toolcache.findAllVersions("CodeQL");
            t.is(cachedVersions.length, 1);
        });
@@ -294,12 +295,14 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
            mockDownloadApi({
                tagName: defaults.bundleVersion,
            });
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, false, {
+            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, {
                cliVersion: defaults.cliVersion,
                tagName: defaults.bundleVersion,
                variant,
            }, (0, logging_1.getRunnerLogger)(true), false);
            t.deepEqual(result.toolsVersion, defaults.cliVersion);
+            t.is(result.toolsSource, init_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
            const cachedVersions = toolcache.findAllVersions("CodeQL");
            t.is(cachedVersions.length, 2);
        });
@@ -316,45 +319,81 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
        mockDownloadApi({
            tagName: defaults.bundleVersion,
        });
-        const result = await codeql.setupCodeQL("latest", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("latest", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, defaults.cliVersion);
+        t.is(result.toolsSource, init_1.ToolsSource.Download);
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 2);
    });
 });
-(0, ava_1.default)("download codeql bundle from github ae endpoint", async (t) => {
+for (const isBundleVersionInUrl of [true, false]) {
+    const inclusionString = isBundleVersionInUrl
+        ? "includes"
+        : "does not include";
+    (0, ava_1.default)(`download codeql bundle from github ae endpoint (URL ${inclusionString} bundle version)`, async (t) => {
+        await util.withTmpDir(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            const bundleAssetID = 10;
+            const platform = process.platform === "win32"
+                ? "win64"
+                : process.platform === "linux"
+                    ? "linux64"
+                    : "osx64";
+            const codeQLBundleName = `codeql-bundle-${platform}.tar.gz`;
+            const eventualDownloadUrl = isBundleVersionInUrl
+                ? `https://example.githubenterprise.com/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`
+                : `https://example.githubenterprise.com/api/v3/repos/github/codeql-action/releases/assets/${bundleAssetID}`;
+            (0, nock_1.default)("https://example.githubenterprise.com")
+                .get(`/api/v3/enterprise/code-scanning/codeql-bundle/find/${defaults.bundleVersion}`)
+                .reply(200, {
+                assets: { [codeQLBundleName]: bundleAssetID },
+            });
+            (0, nock_1.default)("https://example.githubenterprise.com")
+                .get(`/api/v3/enterprise/code-scanning/codeql-bundle/download/${bundleAssetID}`)
+                .reply(200, {
+                url: eventualDownloadUrl,
+            });
+            (0, nock_1.default)("https://example.githubenterprise.com")
+                .get(eventualDownloadUrl.replace("https://example.githubenterprise.com", ""))
+                .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
+            mockApiDetails(sampleGHAEApiDetails);
+            sinon.stub(actionsUtil, "isRunningLocalAction").returns(false);
+            process.env["GITHUB_ACTION_REPOSITORY"] = "github/codeql-action";
+            const result = await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, {
+                cliVersion: defaults.cliVersion,
+                tagName: defaults.bundleVersion,
+                variant: util.GitHubVariant.GHAE,
+            }, (0, logging_1.getRunnerLogger)(true), false);
+            t.is(result.toolsSource, init_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+            const cachedVersions = toolcache.findAllVersions("CodeQL");
+            t.is(cachedVersions.length, 1);
+        });
+    });
+}
+(0, ava_1.default)("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const bundleAssetID = 10;
-        const platform = process.platform === "win32"
-            ? "win64"
-            : process.platform === "linux"
-                ? "linux64"
-                : "osx64";
-        const codeQLBundleName = `codeql-bundle-${platform}.tar.gz`;
-        (0, nock_1.default)("https://example.githubenterprise.com")
-            .get(`/api/v3/enterprise/code-scanning/codeql-bundle/find/${defaults.bundleVersion}`)
-            .reply(200, {
-            assets: { [codeQLBundleName]: bundleAssetID },
+        mockApiDetails(sampleApiDetails);
+        sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
+        const releasesApiMock = mockReleaseApi({
+            assetNames: ["cli-version-2.12.2.txt"],
+            tagName: "codeql-bundle-20230203",
        });
-        (0, nock_1.default)("https://example.githubenterprise.com")
-            .get(`/api/v3/enterprise/code-scanning/codeql-bundle/download/${bundleAssetID}`)
-            .reply(200, {
-            url: `https://example.githubenterprise.com/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`,
+        mockDownloadApi({
+            repo: "dsp-testing/codeql-cli-nightlies",
+            platformSpecific: false,
+            tagName: "codeql-bundle-20230203",
        });
-        (0, nock_1.default)("https://example.githubenterprise.com")
-            .get(`/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`)
-            .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-        mockApiDetails(sampleGHAEApiDetails);
-        sinon.stub(actionsUtil, "isRunningLocalAction").returns(false);
-        process.env["GITHUB_ACTION_REPOSITORY"] = "github/codeql-action";
-        await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, false, {
-            cliVersion: defaults.cliVersion,
-            tagName: defaults.bundleVersion,
-            variant: util.GitHubVariant.GHAE,
-        }, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        t.is(result.toolsVersion, "0.0.0-20230203");
+        t.is(result.toolsSource, init_1.ToolsSource.Download);
+        t.true(Number.isInteger(result.toolsDownloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 1);
+        t.is(cachedVersions[0], "0.0.0-20230203");
+        t.false(releasesApiMock.isDone());
    });
 });
 (0, ava_1.default)("getExtraOptions works for explicit paths", (t) => {
@@ -413,11 +452,11 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
                packsInputCombines: false,
            },
        };
-        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        // should NOT have used an config file
        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
-        t.falsy(configArg, "Should have injected a codescanning config");
+        t.falsy(configArg, "Should NOT have injected a codescanning config");
    });
 });
 // Test macro for ensuring different variants of injected augmented configurations
@@ -435,7 +474,7 @@ const injectedConfigMacro = ava_1.default.macro({
                tempDir,
                augmentationProperties,
            };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), undefined, (0, logging_1.getRunnerLogger)(true));
            const args = runnerConstructorStub.firstCall.args[1];
            // should have used an config file
            const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -626,24 +665,47 @@ const injectedConfigMacro = ava_1.default.macro({
        queries: [],
    },
 }, {});
-(0, ava_1.default)("does not use injected config", async (t) => {
-    const origCODEQL_PASS_CONFIG_TO_CLI = process.env.CODEQL_PASS_CONFIG_TO_CLI;
-    process.env["CODEQL_PASS_CONFIG_TO_CLI"] = "false";
-    try {
-        const runnerConstructorStub = stubToolRunnerConstructor();
-        const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon
-            .stub(codeqlObject, "getVersion")
-            .resolves(feature_flags_1.featureConfig[feature_flags_1.Feature.CliConfigFileEnabled].minimumVersion);
-        await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-        const args = runnerConstructorStub.firstCall.args[1];
-        // should have used an config file
-        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
-        t.falsy(configArg, "Should NOT have injected a codescanning config");
-    }
-    finally {
-        process.env["CODEQL_PASS_CONFIG_TO_CLI"] = origCODEQL_PASS_CONFIG_TO_CLI;
-    }
+(0, ava_1.default)("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    // stubbed version doesn't matter. It just needs to be valid semver.
+    sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+    const args = runnerConstructorStub.firstCall.args[1];
+    // should not have used a config file
+    const hasConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+    t.false(hasConfigArg, "Should NOT have injected a codescanning config");
+    // should not have passed a qlconfig file
+    const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig="));
+    t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
+});
+(0, ava_1.default)("passes a code scanning config AND qlconfig to the CLI when CLI config passing is enabled", async (t) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon
+        .stub(codeqlObject, "getVersion")
+        .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+    const args = runnerConstructorStub.firstCall.args[1];
+    // should have used a config file
+    const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+    t.true(hasCodeScanningConfigArg, "Should have injected a qlconfig");
+    // should have passed a qlconfig file
+    const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig="));
+    t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
+});
+(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI when CLI config passing is enabled", async (t) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves("2.12.2");
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+    const args = runnerConstructorStub.firstCall.args[1];
+    // should have used a config file
+    const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+    t.true(hasCodeScanningConfigArg, "Should NOT have injected a qlconfig");
+    // should have passed a qlconfig file
+    const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig="));
+    t.false(hasQlconfigArg, "Should have injected a codescanning config");
 });
 (0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
@@ -23,10 +23,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
+exports.wrapEnvironment = exports.generateRegistries = exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-// We need to import `performance` on Node 12
 const perf_hooks_1 = require("perf_hooks");
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
@@ -132,7 +131,11 @@ async function addDefaultQueries(codeQL, languages, resultMap) {
    await runResolveQueries(codeQL, resultMap, suites, undefined);
 }
 // The set of acceptable values for built-in suites from the codeql bundle
-const builtinSuites = ["security-extended", "security-and-quality"];
+const builtinSuites = [
+    "security-experimental",
+    "security-extended",
+    "security-and-quality",
+];
 /**
 * Determine the set of queries associated with suiteName's suites and add them to resultMap.
 * Throws an error if suiteName is not a valid builtin suite.
@@ -144,6 +147,12 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
    if (!found) {
        throw new Error(getQueryUsesInvalid(configFile, suiteName));
    }
+    if (suiteName === "security-experimental" &&
+        !(await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE))) {
+        throw new Error(`The 'security-experimental' suite is not supported on CodeQL CLI versions earlier than
+      ${codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE}. Please upgrade to CodeQL CLI version
+      ${codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE} or later.`);
+    }
    // If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
    // opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
    // pack, then add the ML-powered query pack so that we run ML-powered queries.
@@ -152,7 +161,9 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
    (process.platform !== "win32" ||
        (await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS))) &&
        languages.includes("javascript") &&
-        (found === "security-extended" || found === "security-and-quality") &&
+        (found === "security-experimental" ||
+            found === "security-extended" ||
+            found === "security-and-quality") &&
        !packs.javascript?.some(isMlPoweredJsQueriesPack) &&
        (await featureEnablement.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, codeQL))) {
        if (!packs.javascript) {
@@ -714,7 +725,7 @@ function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
    }
    const trimmedInput = queriesInputCombines
        ? rawQueriesInput.trim().slice(1).trim()
-        : rawQueriesInput?.trim();
+        : rawQueriesInput?.trim() ?? "";
    if (queriesInputCombines && trimmedInput.length === 0) {
        throw new Error(getConfigFilePropertyError(undefined, "queries", "A '+' was used in the 'queries' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
    }
@@ -894,7 +905,8 @@ exports.parsePacks = parsePacks;
 * Without a '+', an input value will override the corresponding value in the config file.
 *
 * @param inputValue The input value to process.
- * @returns true if the input value should replace the corresponding value in the config file, false if it should be appended.
+ * @returns true if the input value should replace the corresponding value in the config file,
+ *          false if it should be appended.
 */
 function shouldCombine(inputValue) {
    return !!inputValue?.trim().startsWith("+");
@@ -947,8 +959,7 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
                    "Please make sure that the default queries are enabled, or you are specifying queries to run.");
            }
        }
-        const registries = parseRegistries(registriesInput);
-        await downloadPacks(codeQL, config.languages, config.packs, registries, apiDetails, config.tempDir, logger);
+        await downloadPacks(codeQL, config.languages, config.packs, apiDetails, registriesInput, config.tempDir, logger);
    }
    // Save the config so we can easily access it again in the future
    await saveConfig(config, logger);
@@ -1044,21 +1055,9 @@ async function getConfig(tempDir, logger) {
    return JSON.parse(configString);
 }
 exports.getConfig = getConfig;
-async function downloadPacks(codeQL, languages, packs, registries, apiDetails, tmpDir, logger) {
-    let qlconfigFile;
-    let registriesAuthTokens;
-    if (registries) {
-        if (!(await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD))) {
-            throw new Error(`'registries' input is not supported on CodeQL versions less than ${codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD}.`);
-        }
-        // generate a qlconfig.yml file to hold the registry configs.
-        const qlconfig = createRegistriesBlock(registries);
-        qlconfigFile = path.join(tmpDir, "qlconfig.yml");
-        fs.writeFileSync(qlconfigFile, yaml.dump(qlconfig), "utf8");
-        registriesAuthTokens = registries
-            .map((registry) => `${registry.url}=${registry.token}`)
-            .join(",");
-    }
+async function downloadPacks(codeQL, languages, packs, apiDetails, registriesInput, tempDir, logger) {
+    // This code path is only used when config parsing occurs in the Action.
+    const { registriesAuthTokens, qlconfigFile } = await generateRegistries(registriesInput, codeQL, tempDir, logger);
    await wrapEnvironment({
        GITHUB_TOKEN: apiDetails.auth,
        CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
@@ -1086,6 +1085,48 @@ async function downloadPacks(codeQL, languages, packs, registries, apiDetails, t
    });
 }
 exports.downloadPacks = downloadPacks;
+/**
+ * Generate a `qlconfig.yml` file from the `registries` input.
+ * This file is used by the CodeQL CLI to list the registries to use for each
+ * pack.
+ *
+ * @param registriesInput The value of the `registries` input.
+ * @param codeQL a codeQL object, used only for checking the version of CodeQL.
+ * @param tempDir a temporary directory to store the generated qlconfig.yml file.
+ * @param logger a logger object.
+ * @returns The path to the generated `qlconfig.yml` file and the auth tokens to
+ *        use for each registry.
+ */
+async function generateRegistries(registriesInput, codeQL, tempDir, logger) {
+    const registries = parseRegistries(registriesInput);
+    let registriesAuthTokens;
+    let qlconfigFile;
+    if (registries) {
+        if (!(await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD))) {
+            throw new Error(`The 'registries' input is not supported on CodeQL CLI versions earlier than ${codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD}. Please upgrade to CodeQL CLI version ${codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD} or later.`);
+        }
+        // generate a qlconfig.yml file to hold the registry configs.
+        const qlconfig = createRegistriesBlock(registries);
+        qlconfigFile = path.join(tempDir, "qlconfig.yml");
+        const qlconfigContents = yaml.dump(qlconfig);
+        fs.writeFileSync(qlconfigFile, qlconfigContents, "utf8");
+        logger.debug("Generated qlconfig.yml:");
+        logger.debug(qlconfigContents);
+        registriesAuthTokens = registries
+            .map((registry) => `${registry.url}=${registry.token}`)
+            .join(",");
+    }
+    if (typeof process.env.CODEQL_REGISTRIES_AUTH === "string") {
+        logger.debug("Using CODEQL_REGISTRIES_AUTH environment variable to authenticate with registries.");
+    }
+    return {
+        registriesAuthTokens: 
+        // if the user has explicitly set the CODEQL_REGISTRIES_AUTH env var then use that
+        process.env.CODEQL_REGISTRIES_AUTH ?? registriesAuthTokens,
+        qlconfigFile,
+    };
+}
+exports.generateRegistries = generateRegistries;
 function createRegistriesBlock(registries) {
    if (!Array.isArray(registries) ||
        registries.some((r) => !r.url || !r.packages)) {
@@ -1135,4 +1176,5 @@ async function wrapEnvironment(env, operation) {
        }
    }
 }
+exports.wrapEnvironment = wrapEnvironment;
 //# sourceMappingURL=config-utils.js.map
@@ -1014,7 +1014,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
 // Test that the ~0.1.0 version of ML-powered queries is run on v2.8.3 of the CLI.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.8.3", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.1.0");
 // Test that ML-powered queries aren't run when the user hasn't specified that we should run the
-// `security-extended` or `security-and-quality` query suite.
+//  `security-extended`, `security-and-quality`, or `security-experimental` query suite.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, undefined, undefined);
 // Test that ML-powered queries are run on non-Windows platforms running `security-extended` on
 // versions of the CodeQL CLI prior to 2.9.0.
@@ -1042,6 +1042,9 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
 // Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
 // CLI 2.11.3+.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.11.3", true, undefined, "security-and-quality", "~0.4.0");
+// Test that ML-powered queries are run on all platforms running `security-experimental` on CodeQL
+// CLI 2.12.1+.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.12.1", true, undefined, "security-experimental", "~0.4.0");
 const calculateAugmentationMacro = ava_1.default.macro({
    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
        const actualAugmentationProperties = configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
@@ -1111,8 +1114,8 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
            java: ["a", "b"],
            go: ["c", "d"],
            python: ["e", "f"],
-        }, undefined, // registries
-        sampleApiDetails, tmpDir, logger);
+        }, sampleApiDetails, undefined, // registriesAuthTokens
+        tmpDir, logger);
        // Expecting packs to be downloaded once for java and once for python
        t.deepEqual(packDownloadStub.callCount, 2);
        // no config file was created, so pass `undefined` as the config file path
@@ -1125,9 +1128,9 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
    // associated env vars
    return await util.withTmpDir(async (tmpDir) => {
        process.env.GITHUB_TOKEN = "not-a-token";
-        process.env.CODEQL_REGISTRIES_AUTH = "not-a-registries-auth";
+        process.env.CODEQL_REGISTRIES_AUTH = undefined;
        const logger = (0, logging_1.getRunnerLogger)(true);
-        const registries = [
+        const registriesInput = yaml.dump([
            {
                // no slash
                url: "http://ghcr.io",
@@ -1140,8 +1143,9 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
                packages: "semmle/*",
                token: "still-not-a-token",
            },
-        ];
+        ]);
        // append a slash to the first url
+        const registries = yaml.load(registriesInput);
        const expectedRegistries = registries.map((r, i) => ({
            packages: r.packages,
            url: i === 0 ? `${r.url}/` : r.url,
@@ -1170,7 +1174,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
            java: ["a", "b"],
            go: ["c", "d"],
            python: ["e", "f"],
-        }, registries, sampleApiDetails, tmpDir, logger);
+        }, sampleApiDetails, registriesInput, tmpDir, logger);
        // Same packs are downloaded as in previous test
        t.deepEqual(packDownloadStub.callCount, 2);
        t.deepEqual(packDownloadStub.firstCall.args, [
@@ -1183,7 +1187,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        ]);
        // Verify that the env vars were unset.
        t.deepEqual(process.env.GITHUB_TOKEN, "not-a-token");
-        t.deepEqual(process.env.CODEQL_REGISTRIES_AUTH, "not-a-registries-auth");
+        t.deepEqual(process.env.CODEQL_REGISTRIES_AUTH, undefined);
    });
 });
 (0, ava_1.default)("downloadPacks-with-registries fails on 2.10.3", async (t) => {
@@ -1193,7 +1197,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        process.env.GITHUB_TOKEN = "not-a-token";
        process.env.CODEQL_REGISTRIES_AUTH = "not-a-registries-auth";
        const logger = (0, logging_1.getRunnerLogger)(true);
-        const registries = [
+        const registriesInput = yaml.dump([
            {
                url: "http://ghcr.io",
                packages: ["codeql/*", "dsp-testing/*"],
@@ -1204,12 +1208,12 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
                packages: "semmle/*",
                token: "still-not-a-token",
            },
-        ];
+        ]);
        const codeQL = (0, codeql_1.setCodeQL)({
            getVersion: () => Promise.resolve("2.10.3"),
        });
        await t.throwsAsync(async () => {
-            return await configUtils.downloadPacks(codeQL, [languages_1.Language.javascript, languages_1.Language.java, languages_1.Language.python], {}, registries, sampleApiDetails, tmpDir, logger);
+            return await configUtils.downloadPacks(codeQL, [languages_1.Language.javascript, languages_1.Language.java, languages_1.Language.python], {}, sampleApiDetails, registriesInput, tmpDir, logger);
        }, { instanceOf: Error }, "'registries' input is not supported on CodeQL versions less than 2.10.4.");
    });
 });
@@ -1220,7 +1224,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        process.env.GITHUB_TOKEN = "not-a-token";
        process.env.CODEQL_REGISTRIES_AUTH = "not-a-registries-auth";
        const logger = (0, logging_1.getRunnerLogger)(true);
-        const registries = [
+        const registriesInput = yaml.dump([
            {
                // missing url property
                packages: ["codeql/*", "dsp-testing/*"],
@@ -1231,15 +1235,68 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
                packages: "semmle/*",
                token: "still-not-a-token",
            },
-        ];
+        ]);
        const codeQL = (0, codeql_1.setCodeQL)({
            getVersion: () => Promise.resolve("2.10.4"),
        });
        await t.throwsAsync(async () => {
-            return await configUtils.downloadPacks(codeQL, [languages_1.Language.javascript, languages_1.Language.java, languages_1.Language.python], {}, registries, sampleApiDetails, tmpDir, logger);
+            return await configUtils.downloadPacks(codeQL, [languages_1.Language.javascript, languages_1.Language.java, languages_1.Language.python], {}, sampleApiDetails, registriesInput, tmpDir, logger);
        }, { instanceOf: Error }, "Invalid 'registries' input. Must be an array of objects with 'url' and 'packages' properties.");
    });
 });
+// the happy path for generateRegistries is already tested in downloadPacks.
+// these following tests are for the error cases and when nothing is generated.
+(0, ava_1.default)("no generateRegistries when CLI is too old", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const registriesInput = yaml.dump([
+            {
+                // no slash
+                url: "http://ghcr.io",
+                packages: ["codeql/*", "dsp-testing/*"],
+                token: "not-a-token",
+            },
+        ]);
+        const codeQL = (0, codeql_1.setCodeQL)({
+            // Accepted CLI versions are 2.10.4 or higher
+            getVersion: () => Promise.resolve("2.10.3"),
+        });
+        const logger = (0, logging_1.getRunnerLogger)(true);
+        await t.throwsAsync(async () => await configUtils.generateRegistries(registriesInput, codeQL, tmpDir, logger), undefined, "'registries' input is not supported on CodeQL versions less than 2.10.4.");
+    });
+});
+(0, ava_1.default)("no generateRegistries when registries is undefined", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const registriesInput = undefined;
+        const codeQL = (0, codeql_1.setCodeQL)({
+            // Accepted CLI versions are 2.10.4 or higher
+            getVersion: () => Promise.resolve(codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD),
+        });
+        const logger = (0, logging_1.getRunnerLogger)(true);
+        const { registriesAuthTokens, qlconfigFile } = await configUtils.generateRegistries(registriesInput, codeQL, tmpDir, logger);
+        t.is(registriesAuthTokens, undefined);
+        t.is(qlconfigFile, undefined);
+    });
+});
+(0, ava_1.default)("generateRegistries prefers original CODEQL_REGISTRIES_AUTH", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env.CODEQL_REGISTRIES_AUTH = "original";
+        const registriesInput = yaml.dump([
+            {
+                url: "http://ghcr.io",
+                packages: ["codeql/*", "dsp-testing/*"],
+                token: "not-a-token",
+            },
+        ]);
+        const codeQL = (0, codeql_1.setCodeQL)({
+            // Accepted CLI versions are 2.10.4 or higher
+            getVersion: () => Promise.resolve(codeql_1.CODEQL_VERSION_GHES_PACK_DOWNLOAD),
+        });
+        const logger = (0, logging_1.getRunnerLogger)(true);
+        const { registriesAuthTokens, qlconfigFile } = await configUtils.generateRegistries(registriesInput, codeQL, tmpDir, logger);
+        t.is(registriesAuthTokens, "original");
+        t.is(qlconfigFile, path.join(tmpDir, "qlconfig.yml"));
+    });
+});
 // getLanguages
 const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
 // eslint-disable-next-line github/array-foreach
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230105",
-    "cliVersion": "2.12.0",
-    "priorBundleVersion": "codeql-bundle-20221211",
-    "priorCliVersion": "2.11.6"
+    "bundleVersion": "codeql-bundle-20230217",
+    "cliVersion": "2.12.3",
+    "priorBundleVersion": "codeql-bundle-20230207",
+    "priorCliVersion": "2.12.2"
 }
@@ -32,30 +32,14 @@ const defaults = __importStar(require("./defaults.json"));
 const util = __importStar(require("./util"));
 const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
 const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled";
-const MINIMUM_ENABLED_CODEQL_VERSION = "2.11.6";
 var Feature;
 (function (Feature) {
-    Feature["BypassToolcacheEnabled"] = "bypass_toolcache_enabled";
-    Feature["BypassToolcacheKotlinSwiftEnabled"] = "bypass_toolcache_kotlin_swift_enabled";
    Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
    Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
    Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
-    Feature["TrapCachingEnabled"] = "trap_caching_enabled";
    Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
-    [Feature.BypassToolcacheEnabled]: {
-        envVar: "CODEQL_BYPASS_TOOLCACHE",
-        // Cannot specify a minimum version because this flag is checked before we have
-        // access to the CodeQL instance.
-        minimumVersion: undefined,
-    },
-    [Feature.BypassToolcacheKotlinSwiftEnabled]: {
-        envVar: "CODEQL_BYPASS_TOOLCACHE_KOTLIN_SWIFT",
-        // Cannot specify a minimum version because this flag is checked before we have
-        // access to the CodeQL instance.
-        minimumVersion: undefined,
-    },
    [Feature.DisableKotlinAnalysisEnabled]: {
        envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
        minimumVersion: undefined,
@@ -68,10 +52,6 @@ exports.featureConfig = {
        envVar: "CODEQL_ML_POWERED_QUERIES",
        minimumVersion: "2.7.5",
    },
-    [Feature.TrapCachingEnabled]: {
-        envVar: "CODEQL_TRAP_CACHING",
-        minimumVersion: undefined,
-    },
    [Feature.UploadFailedSarifEnabled]: {
        envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
        minimumVersion: "2.11.3",
@@ -106,10 +86,6 @@ class Features {
        if (!codeql && exports.featureConfig[feature].minimumVersion) {
            throw new Error(`Internal error: A minimum version is specified for feature ${feature}, but no instance of CodeQL was provided.`);
        }
-        // Bypassing the toolcache is disabled in test mode.
-        if (feature === Feature.BypassToolcacheEnabled && util.isInTestMode()) {
-            return false;
-        }
        const envVar = (process.env[exports.featureConfig[feature].envVar] || "").toLocaleLowerCase();
        // Do not use this feature if user explicitly disables it via an environment variable.
        if (envVar === "false") {
@@ -137,7 +113,7 @@ class GitHubFeatureFlags {
        this.repositoryNwo = repositoryNwo;
        this.featureFlagsFile = featureFlagsFile;
        this.logger = logger;
-        /**/
+        this.hasAccessedRemoteFeatureFlags = false; // Not accessed by default.
    }
    getCliVersionFromFeatureFlag(f) {
        if (!f.startsWith(DEFAULT_VERSION_FEATURE_FLAG_PREFIX) ||
@@ -155,8 +131,12 @@ class GitHubFeatureFlags {
    }
    async getDefaultCliVersion(variant) {
        if (variant === util.GitHubVariant.DOTCOM) {
+            const defaultDotComCliVersion = await this.getDefaultDotcomCliVersion();
            return {
-                cliVersion: await this.getDefaultDotcomCliVersion(),
+                cliVersion: defaultDotComCliVersion.version,
+                toolsFeatureFlagsValid: this.hasAccessedRemoteFeatureFlags
+                    ? defaultDotComCliVersion.toolsFeatureFlagsValid
+                    : undefined,
                variant,
            };
        }
@@ -173,13 +153,28 @@ class GitHubFeatureFlags {
            .filter((f) => f !== undefined)
            .map((f) => f);
        if (enabledFeatureFlagCliVersions.length === 0) {
-            this.logger.debug("Feature flags do not specify a default CLI version. Falling back to CLI version " +
-                `${MINIMUM_ENABLED_CODEQL_VERSION}.`);
-            return MINIMUM_ENABLED_CODEQL_VERSION;
+            // We expect at least one default CLI version to be enabled on Dotcom at any time. However if
+            // the feature flags are misconfigured, rather than crashing, we fall back to the CLI version
+            // shipped with the Action in defaults.json. This has the effect of immediately rolling out
+            // new CLI versions to all users running the latest Action.
+            //
+            // A drawback of this approach relates to the small number of users that run old versions of
+            // the Action on Dotcom. As a result of this approach, if we misconfigure the feature flags
+            // then these users will experience some alert churn. This is because the CLI version in the
+            // defaults.json shipped with an old version of the Action is likely older than the CLI
+            // version that would have been specified by the feature flags before they were misconfigured.
+            this.logger.warning("Feature flags do not specify a default CLI version. Falling back to the CLI version " +
+                `shipped with the Action. This is ${defaults.cliVersion}.`);
+            return {
+                version: defaults.cliVersion,
+                toolsFeatureFlagsValid: this.hasAccessedRemoteFeatureFlags
+                    ? false
+                    : undefined,
+            };
        }
        const maxCliVersion = enabledFeatureFlagCliVersions.reduce((maxVersion, currentVersion) => currentVersion > maxVersion ? currentVersion : maxVersion, enabledFeatureFlagCliVersions[0]);
        this.logger.debug(`Derived default CLI version of ${maxCliVersion} from feature flags.`);
-        return maxCliVersion;
+        return { version: maxCliVersion, toolsFeatureFlagsValid: true };
    }
    async getValue(feature) {
        const response = await this.getAllFeatures();
@@ -241,6 +236,7 @@ class GitHubFeatureFlags {
        // Do nothing when not running against github.com
        if (this.gitHubVersion.type !== util.GitHubVariant.DOTCOM) {
            this.logger.debug("Not running against github.com. Disabling all toggleable features.");
+            this.hasAccessedRemoteFeatureFlags = false;
            return {};
        }
        try {
@@ -251,6 +247,7 @@ class GitHubFeatureFlags {
            const remoteFlags = response.data;
            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API: " +
                `${JSON.stringify(remoteFlags)}`);
+            this.hasAccessedRemoteFeatureFlags = true;
            return remoteFlags;
        }
        catch (e) {
@@ -259,6 +256,7 @@ class GitHubFeatureFlags {
                    "As a result, it will not be opted into any experimental features. " +
                    "This could be because the Action is running on a pull request from a fork. If not, " +
                    `please ensure the Action has the 'security-events: write' permission. Details: ${e}`);
+                this.hasAccessedRemoteFeatureFlags = false;
                return {};
            }
            else {
@@ -269,7 +267,6 @@ class GitHubFeatureFlags {
                throw new Error(`Encountered an error while trying to determine feature enablement: ${e}`);
            }
        }
-        return {};
    }
 }
 //# sourceMappingURL=feature-flags.js.map
@@ -217,7 +217,8 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
    (0, ava_1.default)(`selects CLI from defaults.json on ${util_1.GitHubVariant[variant]}`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
            const features = setUpFeatureFlagTests(tmpDir);
-            t.deepEqual(await features.getDefaultCliVersion(variant), {
+            const defaultCliVersion = await features.getDefaultCliVersion(variant);
+            t.deepEqual(defaultCliVersion, {
                cliVersion: defaults.cliVersion,
                tagName: defaults.bundleVersion,
                variant,
@@ -236,19 +237,23 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
        expectedFeatureEnablement["default_codeql_version_2_12_4_enabled"] = false;
        expectedFeatureEnablement["default_codeql_version_2_12_5_enabled"] = false;
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        t.deepEqual(await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM), {
+        const defaultCliVersion = await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
+        t.deepEqual(defaultCliVersion, {
            cliVersion: "2.12.1",
+            toolsFeatureFlagsValid: true,
            variant: util_1.GitHubVariant.DOTCOM,
        });
    });
 });
-(0, ava_1.default)(`selects CLI v2.11.6 on Dotcom when no default version feature flags are enabled`, async (t) => {
+(0, ava_1.default)(`selects CLI from defaults.json on Dotcom when no default version feature flags are enabled`, async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const featureEnablement = setUpFeatureFlagTests(tmpDir);
        const expectedFeatureEnablement = initializeFeatures(true);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        t.deepEqual(await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM), {
-            cliVersion: "2.11.6",
+        const defaultCliVersion = await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
+        t.deepEqual(defaultCliVersion, {
+            cliVersion: defaults.cliVersion,
+            toolsFeatureFlagsValid: false,
            variant: util_1.GitHubVariant.DOTCOM,
        });
    });
@@ -263,8 +268,10 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
        expectedFeatureEnablement["default_codeql_version_2_12_invalid_enabled"] =
            true;
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        t.deepEqual(await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM), {
+        const defaultCliVersion = await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
+        t.deepEqual(defaultCliVersion, {
            cliVersion: "2.12.1",
+            toolsFeatureFlagsValid: true,
            variant: util_1.GitHubVariant.DOTCOM,
        });
        t.assert(loggedMessages.find((v) => v.type === "warning" &&
@@ -36,42 +36,63 @@ const repository_1 = require("./repository");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
-async function sendSuccessStatusReport(startedAt, config, toolsVersion, logger) {
-    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init", "success", startedAt);
-    const languages = config.languages.join(",");
+async function sendInitStatusReport(actionStatus, startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger) {
+    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init", actionStatus, startedAt);
    const workflowLanguages = (0, actions_util_1.getOptionalInput)("languages");
-    const paths = (config.originalUserInput.paths || []).join(",");
-    const pathsIgnore = (config.originalUserInput["paths-ignore"] || []).join(",");
-    const disableDefaultQueries = config.originalUserInput["disable-default-queries"]
-        ? languages
-        : "";
-    const queries = [];
-    let queriesInput = (0, actions_util_1.getOptionalInput)("queries")?.trim();
-    if (queriesInput === undefined || queriesInput.startsWith("+")) {
-        queries.push(...(config.originalUserInput.queries || []).map((q) => q.uses));
-    }
-    if (queriesInput !== undefined) {
-        queriesInput = queriesInput.startsWith("+")
-            ? queriesInput.slice(1)
-            : queriesInput;
-        queries.push(...queriesInput.split(","));
-    }
-    const statusReport = {
+    const initStatusReport = {
        ...statusReportBase,
-        disable_default_queries: disableDefaultQueries,
-        languages,
-        ml_powered_javascript_queries: (0, util_1.getMlPoweredJsQueriesStatus)(config),
-        paths,
-        paths_ignore: pathsIgnore,
-        queries: queries.join(","),
        tools_input: (0, actions_util_1.getOptionalInput)("tools") || "",
        tools_resolved_version: toolsVersion,
+        tools_source: toolsSource || init_1.ToolsSource.Unknown,
        workflow_languages: workflowLanguages || "",
-        trap_cache_languages: Object.keys(config.trapCaches).join(","),
-        trap_cache_download_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
-        trap_cache_download_duration_ms: Math.round(config.trapCacheDownloadTime),
    };
-    await (0, actions_util_1.sendStatusReport)(statusReport);
+    const initToolsDownloadFields = {};
+    if (toolsDownloadDurationMs !== undefined) {
+        initToolsDownloadFields.tools_download_duration_ms =
+            toolsDownloadDurationMs;
+    }
+    if (toolsFeatureFlagsValid !== undefined) {
+        initToolsDownloadFields.tools_feature_flags_valid = toolsFeatureFlagsValid;
+    }
+    if (config !== undefined) {
+        const languages = config.languages.join(",");
+        const paths = (config.originalUserInput.paths || []).join(",");
+        const pathsIgnore = (config.originalUserInput["paths-ignore"] || []).join(",");
+        const disableDefaultQueries = config.originalUserInput["disable-default-queries"]
+            ? languages
+            : "";
+        const queries = [];
+        let queriesInput = (0, actions_util_1.getOptionalInput)("queries")?.trim();
+        if (queriesInput === undefined || queriesInput.startsWith("+")) {
+            queries.push(...(config.originalUserInput.queries || []).map((q) => q.uses));
+        }
+        if (queriesInput !== undefined) {
+            queriesInput = queriesInput.startsWith("+")
+                ? queriesInput.slice(1)
+                : queriesInput;
+            queries.push(...queriesInput.split(","));
+        }
+        // Append fields that are dependent on `config`
+        const initWithConfigStatusReport = {
+            ...initStatusReport,
+            disable_default_queries: disableDefaultQueries,
+            languages,
+            ml_powered_javascript_queries: (0, util_1.getMlPoweredJsQueriesStatus)(config),
+            paths,
+            paths_ignore: pathsIgnore,
+            queries: queries.join(","),
+            trap_cache_languages: Object.keys(config.trapCaches).join(","),
+            trap_cache_download_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
+            trap_cache_download_duration_ms: Math.round(config.trapCacheDownloadTime),
+        };
+        await (0, actions_util_1.sendStatusReport)({
+            ...initWithConfigStatusReport,
+            ...initToolsDownloadFields,
+        });
+    }
+    else {
+        await (0, actions_util_1.sendStatusReport)({ ...initStatusReport, ...initToolsDownloadFields });
+    }
 }
 async function run() {
    const startedAt = new Date();
@@ -79,6 +100,9 @@ async function run() {
    (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
    let config;
    let codeql;
+    let toolsDownloadDurationMs;
+    let toolsFeatureFlagsValid;
+    let toolsSource;
    let toolsVersion;
    const apiDetails = {
        auth: (0, actions_util_1.getRequiredInput)("token"),
@@ -89,18 +113,24 @@ async function run() {
    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
    (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+    const registriesInput = (0, actions_util_1.getOptionalInput)("registries");
    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
    try {
        const workflowErrors = await (0, workflow_1.validateWorkflow)();
        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {
            return;
        }
-        const defaultCliVersion = await features.getDefaultCliVersion(gitHubVersion.type);
-        const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, await (0, util_1.shouldBypassToolcache)(features, (0, actions_util_1.getOptionalInput)("tools"), (0, actions_util_1.getOptionalInput)("languages"), repositoryNwo, logger), defaultCliVersion, logger);
+        const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(gitHubVersion.type);
+        if (codeQLDefaultVersionInfo.variant === util_1.GitHubVariant.DOTCOM) {
+            toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
+        }
+        const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, codeQLDefaultVersionInfo, logger);
        codeql = initCodeQLResult.codeql;
+        toolsDownloadDurationMs = initCodeQLResult.toolsDownloadDurationMs;
        toolsVersion = initCodeQLResult.toolsVersion;
+        toolsSource = initCodeQLResult.toolsSource;
        await (0, util_1.enrichEnvironment)(codeql);
-        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), (0, actions_util_1.getOptionalInput)("registries"), (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), await getTrapCachingEnabled(features), 
+        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), getTrapCachingEnabled(), 
        // Debug mode is enabled if:
        // - The `init` Action is passed `debug: true`.
        // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
@@ -144,7 +174,7 @@ async function run() {
            core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
        }
        const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
-        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", features, logger);
+        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", registriesInput, features, apiDetails, logger);
        if (tracerConfig !== undefined) {
            for (const [key, value] of Object.entries(tracerConfig.env)) {
                core.exportVariable(key, value);
@@ -159,12 +189,12 @@ async function run() {
    catch (error) {
        core.setFailed(String(error));
        console.log(error);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", (0, actions_util_1.getActionsStatus)(error), startedAt, String(error), error instanceof Error ? error.stack : undefined));
+        await sendInitStatusReport((0, actions_util_1.getActionsStatus)(error), startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
        return;
    }
-    await sendSuccessStatusReport(startedAt, config, toolsVersion, logger);
+    await sendInitStatusReport("success", startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
 }
-async function getTrapCachingEnabled(featureEnablement) {
+function getTrapCachingEnabled() {
    // If the workflow specified something always respect that
    const trapCaching = (0, actions_util_1.getOptionalInput)("trap-caching");
    if (trapCaching !== undefined)
@@ -172,8 +202,8 @@ async function getTrapCachingEnabled(featureEnablement) {
    // On self-hosted runners which may have slow network access, disable TRAP caching by default
    if (!(0, util_1.isHostedRunner)())
        return false;
-    // On hosted runners, respect the feature flag
-    return await featureEnablement.getValue(feature_flags_1.Feature.TrapCachingEnabled);
+    // On hosted runners, enable TRAP caching by default
+    return true;
 }
 async function runWrapper() {
    try {
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.installPythonDeps = exports.injectWindowsTracer = exports.runInit = exports.initConfig = exports.initCodeQL = void 0;
+exports.installPythonDeps = exports.injectWindowsTracer = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -34,12 +34,19 @@ const configUtils = __importStar(require("./config-utils"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
-async function initCodeQL(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger) {
+var ToolsSource;
+(function (ToolsSource) {
+    ToolsSource["Unknown"] = "UNKNOWN";
+    ToolsSource["Local"] = "LOCAL";
+    ToolsSource["Toolcache"] = "TOOLCACHE";
+    ToolsSource["Download"] = "DOWNLOAD";
+})(ToolsSource = exports.ToolsSource || (exports.ToolsSource = {}));
+async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) {
    logger.startGroup("Setup CodeQL tools");
-    const { codeql, toolsVersion } = await (0, codeql_1.setupCodeQL)(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger, true);
+    const { codeql, toolsDownloadDurationMs, toolsSource, toolsVersion } = await (0, codeql_1.setupCodeQL)(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, true);
    await codeql.printVersion();
    logger.endGroup();
-    return { codeql, toolsVersion };
+    return { codeql, toolsDownloadDurationMs, toolsSource, toolsVersion };
 }
 exports.initCodeQL = initCodeQL;
 async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger) {
@@ -50,12 +57,26 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
    return config;
 }
 exports.initConfig = initConfig;
-async function runInit(codeql, config, sourceRoot, processName, featureEnablement, logger) {
+async function runInit(codeql, config, sourceRoot, processName, registriesInput, featureEnablement, apiDetails, logger) {
    fs.mkdirSync(config.dbLocation, { recursive: true });
    try {
        if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
+            // When parsing the codeql config in the CLI, we have not yet created the qlconfig file.
+            // So, create it now.
+            // If we are parsing the config file in the Action, then the qlconfig file was already created
+            // before the `pack download` command was invoked. It is not required for the init command.
+            let registriesAuthTokens;
+            let qlconfigFile;
+            if (await util.useCodeScanningConfigInCli(codeql, featureEnablement)) {
+                ({ registriesAuthTokens, qlconfigFile } =
+                    await configUtils.generateRegistries(registriesInput, codeql, config.tempDir, logger));
+            }
+            await configUtils.wrapEnvironment({
+                GITHUB_TOKEN: apiDetails.auth,
+                CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
+            }, 
            // Init a database cluster
-            await codeql.databaseInitCluster(config, sourceRoot, processName, featureEnablement, logger);
+            async () => await codeql.databaseInitCluster(config, sourceRoot, processName, featureEnablement, qlconfigFile, logger));
        }
        else {
            for (const language of config.languages) {
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isScannedLanguage = exports.isTracedLanguage = exports.parseLanguage = exports.resolveAlias = exports.KOTLIN_SWIFT_BYPASS = exports.LANGUAGE_ALIASES = exports.Language = void 0;
+exports.isScannedLanguage = exports.isTracedLanguage = exports.parseLanguage = exports.resolveAlias = exports.LANGUAGE_ALIASES = exports.Language = void 0;
 // All the languages supported by CodeQL
 var Language;
 (function (Language) {
@@ -21,7 +21,6 @@ exports.LANGUAGE_ALIASES = {
    kotlin: Language.java,
    typescript: Language.javascript,
 };
-exports.KOTLIN_SWIFT_BYPASS = ["kotlin", "swift"];
 function resolveAlias(lang) {
    return exports.LANGUAGE_ALIASES[lang] || lang;
 }
@@ -1 +1 @@
-{"version":3,"file":"languages.js","sourceRoot":"","sources":["../src/languages.ts"],"names":[],"mappings":";;;AAAA,wCAAwC;AACxC,IAAY,QASX;AATD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,qBAAS,CAAA;IACT,yBAAa,CAAA;IACb,qCAAyB,CAAA;IACzB,6BAAiB,CAAA;IACjB,yBAAa,CAAA;IACb,2BAAe,CAAA;AACjB,CAAC,EATW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QASnB;AAED,iCAAiC;AACpB,QAAA,gBAAgB,GAAiC;IAC5D,CAAC,EAAE,QAAQ,CAAC,GAAG;IACf,KAAK,EAAE,QAAQ,CAAC,GAAG;IACnB,IAAI,EAAE,QAAQ,CAAC,MAAM;IACrB,MAAM,EAAE,QAAQ,CAAC,IAAI;IACrB,UAAU,EAAE,QAAQ,CAAC,UAAU;CAChC,CAAC;AAIW,QAAA,mBAAmB,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AAEvD,SAAgB,YAAY,CAAC,IAAqB;IAChD,OAAO,wBAAgB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AACxC,CAAC;AAFD,oCAEC;AAED;;;;;;;;;GASG;AACH,SAAgB,aAAa,CAAC,QAAgB;IAC5C,0BAA0B;IAC1B,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAEzC,6BAA6B;IAC7B,IAAI,QAAQ,IAAI,QAAQ,EAAE;QACxB,OAAO,QAAoB,CAAC;KAC7B;IAED,iEAAiE;IACjE,oCAAoC;IACpC,IAAI,QAAQ,IAAI,wBAAgB,EAAE;QAChC,OAAO,QAAQ,CAAC;KACjB;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhBD,sCAgBC;AAED,SAAgB,gBAAgB,CAAC,QAAkB;IACjD,OAAO;QACL,QAAQ,CAAC,GAAG;QACZ,QAAQ,CAAC,MAAM;QACf,QAAQ,CAAC,EAAE;QACX,QAAQ,CAAC,IAAI;QACb,QAAQ,CAAC,KAAK;KACf,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACvB,CAAC;AARD,4CAQC;AAED,SAAgB,iBAAiB,CAAC,QAAkB;IAClD,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,8CAEC"}
+{"version":3,"file":"languages.js","sourceRoot":"","sources":["../src/languages.ts"],"names":[],"mappings":";;;AAAA,wCAAwC;AACxC,IAAY,QASX;AATD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,qBAAS,CAAA;IACT,yBAAa,CAAA;IACb,qCAAyB,CAAA;IACzB,6BAAiB,CAAA;IACjB,yBAAa,CAAA;IACb,2BAAe,CAAA;AACjB,CAAC,EATW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QASnB;AAED,iCAAiC;AACpB,QAAA,gBAAgB,GAAiC;IAC5D,CAAC,EAAE,QAAQ,CAAC,GAAG;IACf,KAAK,EAAE,QAAQ,CAAC,GAAG;IACnB,IAAI,EAAE,QAAQ,CAAC,MAAM;IACrB,MAAM,EAAE,QAAQ,CAAC,IAAI;IACrB,UAAU,EAAE,QAAQ,CAAC,UAAU;CAChC,CAAC;AAIF,SAAgB,YAAY,CAAC,IAAqB;IAChD,OAAO,wBAAgB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;AACxC,CAAC;AAFD,oCAEC;AAED;;;;;;;;;GASG;AACH,SAAgB,aAAa,CAAC,QAAgB;IAC5C,0BAA0B;IAC1B,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAEzC,6BAA6B;IAC7B,IAAI,QAAQ,IAAI,QAAQ,EAAE;QACxB,OAAO,QAAoB,CAAC;KAC7B;IAED,iEAAiE;IACjE,oCAAoC;IACpC,IAAI,QAAQ,IAAI,wBAAgB,EAAE;QAChC,OAAO,QAAQ,CAAC;KACjB;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhBD,sCAgBC;AAED,SAAgB,gBAAgB,CAAC,QAAkB;IACjD,OAAO;QACL,QAAQ,CAAC,GAAG;QACZ,QAAQ,CAAC,MAAM;QACf,QAAQ,CAAC,EAAE;QACX,QAAQ,CAAC,IAAI;QACb,QAAQ,CAAC,KAAK;KACf,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACvB,CAAC;AARD,4CAQC;AAED,SAAgB,iBAAiB,CAAC,QAAkB;IAClD,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,8CAEC"}
@@ -26,9 +26,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setupCodeQLBundle = exports.getCodeQLURLVersion = exports.downloadCodeQL = exports.getCodeQLSource = exports.convertToSemVer = exports.getBundleVersionFromUrl = exports.tryFindCliVersionDotcomOnly = exports.findCodeQLBundleTagDotcomOnly = exports.getCodeQLActionRepository = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = void 0;
+exports.setupCodeQLBundle = exports.getCodeQLURLVersion = exports.downloadCodeQL = exports.tryGetFallbackToolcacheVersion = exports.getCodeQLSource = exports.convertToSemVer = exports.tryGetBundleVersionFromUrl = exports.tryFindCliVersionDotcomOnly = exports.findCodeQLBundleTagDotcomOnly = exports.getCodeQLActionRepository = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const perf_hooks_1 = require("perf_hooks");
 const toolcache = __importStar(require("@actions/tool-cache"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
 const semver = __importStar(require("semver"));
@@ -39,6 +40,7 @@ const api = __importStar(require("./api-client"));
 // creation scripts. Ensure that any changes to the format of this file are compatible with both of
 // these dependents.
 const defaults = __importStar(require("./defaults.json"));
+const init_1 = require("./init");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 exports.CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
@@ -209,14 +211,30 @@ async function getCodeQLBundleDownloadURL(tagName, apiDetails, variant, logger)
    }
    return `https://github.com/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${tagName}/${codeQLBundleName}`;
 }
-function getBundleVersionFromUrl(url) {
-    const match = url.match(/\/codeql-bundle-(.*)\//);
+function tryGetBundleVersionFromTagName(tagName, logger) {
+    const match = tagName.match(/^codeql-bundle-(.*)$/);
    if (match === null || match.length < 2) {
-        throw new Error(`Malformed tools url: ${url}. Bundle version could not be inferred`);
+        logger.debug(`Could not determine bundle version from tag ${tagName}.`);
+        return undefined;
    }
    return match[1];
 }
-exports.getBundleVersionFromUrl = getBundleVersionFromUrl;
+function tryGetTagNameFromUrl(url, logger) {
+    const match = url.match(/\/(codeql-bundle-.*)\//);
+    if (match === null || match.length < 2) {
+        logger.debug(`Could not determine tag name for URL ${url}.`);
+        return undefined;
+    }
+    return match[1];
+}
+function tryGetBundleVersionFromUrl(url, logger) {
+    const tagName = tryGetTagNameFromUrl(url, logger);
+    if (tagName === undefined) {
+        return undefined;
+    }
+    return tryGetBundleVersionFromTagName(tagName, logger);
+}
+exports.tryGetBundleVersionFromUrl = tryGetBundleVersionFromUrl;
 function convertToSemVer(version, logger) {
    if (!semver.valid(version)) {
        logger.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
@@ -229,18 +247,10 @@ function convertToSemVer(version, logger) {
    return s;
 }
 exports.convertToSemVer = convertToSemVer;
-async function getOrFindBundleTagName(version, logger) {
-    if (version.variant === util.GitHubVariant.DOTCOM) {
-        return await findCodeQLBundleTagDotcomOnly(version.cliVersion, logger);
-    }
-    else {
-        return version.tagName;
-    }
-}
 /**
 * Look for a version of the CodeQL tools in the cache which could override the requested CLI version.
 */
-async function findOverridingToolsInCache(requestedCliVersion, logger) {
+async function findOverridingToolsInCache(humanReadableVersion, logger) {
    const candidates = toolcache
        .findAllVersions("CodeQL")
        .filter(util_1.isGoodVersion)
@@ -251,7 +261,7 @@ async function findOverridingToolsInCache(requestedCliVersion, logger) {
        .filter(({ folder }) => fs.existsSync(path.join(folder, "pinned-version")));
    if (candidates.length === 1) {
        const candidate = candidates[0];
-        logger.debug(`CodeQL tools version ${candidate.version} in toolcache overriding version ${requestedCliVersion}.`);
+        logger.debug(`CodeQL tools version ${candidate.version} in toolcache overriding version ${humanReadableVersion}.`);
        return {
            codeqlFolder: candidate.folder,
            sourceType: "toolcache",
@@ -267,7 +277,7 @@ async function findOverridingToolsInCache(requestedCliVersion, logger) {
    }
    return undefined;
 }
-async function getCodeQLSource(toolsInput, bypassToolcache, defaultCliVersion, apiDetails, variant, logger) {
+async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, logger) {
    if (toolsInput && toolsInput !== "latest" && !toolsInput.startsWith("http")) {
        return {
            codeqlTarPath: toolsInput,
@@ -275,124 +285,166 @@ async function getCodeQLSource(toolsInput, bypassToolcache, defaultCliVersion, a
            toolsVersion: "local",
        };
    }
-    const forceLatestReason = 
-    // We use the special value of 'latest' to prioritize the version in the
-    // defaults over any pinned cached version.
-    toolsInput === "latest"
-        ? '"tools: latest" was requested'
-        : // If the user hasn't requested a particular CodeQL version, then bypass
-            // the toolcache when the appropriate feature is enabled. This
-            // allows us to quickly rollback a broken bundle that has made its way
-            // into the toolcache.
-            toolsInput === undefined && bypassToolcache
-                ? "a specific version of the CodeQL tools was not requested and the bypass toolcache feature is enabled"
-                : undefined;
-    const forceLatest = forceLatestReason !== undefined;
-    if (forceLatest) {
-        logger.debug(`Forcing the latest version of the CodeQL tools since ${forceLatestReason}.`);
-    }
    /**
-     * The requested version is:
+     * Whether the tools shipped with the Action, i.e. those in `defaults.json`, have been forced.
     *
-     * 1. The one in `defaults.json`, if forceLatest is true.
-     * 2. The version specified by the tools input URL, if one was provided.
-     * 3. The default CLI version, otherwise.
-    
-     * We include a `variant` property to let us verify using the type system that
-     * `tagName` is only undefined when the variant is Dotcom. This lets us ensure
-     * that we can always compute `tagName`, either by using the existing tag name
-     * on enterprise instances, or calling `findCodeQLBundleTagDotcomOnly` on
-     * Dotcom.
+     * We use the special value of 'latest' to prioritize the version in `defaults.json` over the
+     * version specified by the feature flags on Dotcom and over any pinned cached version on
+     * Enterprise Server.
     */
-    const requestedVersion = forceLatest
-        ? // case 1
-            {
-                cliVersion: defaults.cliVersion,
-                syntheticCliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-                variant,
-            }
-        : toolsInput !== undefined
-            ? // case 2
-                {
-                    syntheticCliVersion: convertToSemVer(getBundleVersionFromUrl(toolsInput), logger),
-                    tagName: `codeql-bundle-${getBundleVersionFromUrl(toolsInput)}`,
-                    url: toolsInput,
-                    variant,
-                }
-            : // case 3
-                {
-                    ...defaultCliVersion,
-                    syntheticCliVersion: defaultCliVersion.cliVersion,
-                };
-    // If we find the specified version, we always use that.
-    let codeqlFolder = toolcache.find("CodeQL", requestedVersion.syntheticCliVersion);
-    let tagName = requestedVersion["tagName"];
-    if (!codeqlFolder) {
-        logger.debug("Didn't find a version of the CodeQL tools in the toolcache with a version number " +
-            `exactly matching ${requestedVersion.syntheticCliVersion}.`);
-        if (requestedVersion.cliVersion) {
+    const forceShippedTools = toolsInput === "latest";
+    if (forceShippedTools) {
+        logger.info("Overriding the version of the CodeQL tools by the version shipped with the Action since " +
+            `"tools: latest" was requested.`);
+    }
+    /** CLI version number, for example 2.12.1. */
+    let cliVersion;
+    /** Tag name of the CodeQL bundle, for example `codeql-bundle-20230120`. */
+    let tagName;
+    /**
+     * URL of the CodeQL bundle.
+     *
+     * This does not always include a tag name.
+     */
+    let url;
+    if (forceShippedTools) {
+        cliVersion = defaults.cliVersion;
+        tagName = defaults.bundleVersion;
+    }
+    else if (toolsInput !== undefined) {
+        // If a tools URL was provided, then use that.
+        tagName = tryGetTagNameFromUrl(toolsInput, logger);
+        url = toolsInput;
+    }
+    else {
+        // Otherwise, use the default CLI version passed in.
+        cliVersion = defaultCliVersion.cliVersion;
+        tagName = defaultCliVersion["tagName"];
+    }
+    const bundleVersion = tagName && tryGetBundleVersionFromTagName(tagName, logger);
+    const humanReadableVersion = cliVersion ??
+        (bundleVersion && convertToSemVer(bundleVersion, logger)) ??
+        tagName ??
+        url ??
+        "unknown";
+    logger.debug("Attempting to obtain CodeQL tools. " +
+        `CLI version: ${cliVersion ?? "unknown"}, ` +
+        `bundle tag name: ${tagName ?? "unknown"}, ` +
+        `URL: ${url ?? "unspecified"}.`);
+    let codeqlFolder;
+    if (cliVersion) {
+        // If we find the specified CLI version, we always use that.
+        codeqlFolder = toolcache.find("CodeQL", cliVersion);
+        // Fall back to matching `x.y.z-<tagName>`.
+        if (!codeqlFolder) {
+            logger.debug("Didn't find a version of the CodeQL tools in the toolcache with a version number " +
+                `exactly matching ${cliVersion}.`);
            const allVersions = toolcache.findAllVersions("CodeQL");
            logger.debug(`Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(allVersions)}.`);
            // If there is exactly one version of the CodeQL tools in the toolcache, and that version is
            // the form `x.y.z-<tagName>`, then use it.
-            const candidateVersions = allVersions.filter((version) => version.startsWith(`${requestedVersion.cliVersion}-`));
+            const candidateVersions = allVersions.filter((version) => version.startsWith(`${cliVersion}-`));
            if (candidateVersions.length === 1) {
-                logger.debug("Exactly one candidate version found, using that.");
+                logger.debug(`Exactly one version of the CodeQL tools starting with ${cliVersion} found in the ` +
+                    "toolcache, using that.");
                codeqlFolder = toolcache.find("CodeQL", candidateVersions[0]);
            }
+            else if (candidateVersions.length === 0) {
+                logger.debug(`Didn't find any versions of the CodeQL tools starting with ${cliVersion} ` +
+                    `in the toolcache. Trying next fallback method.`);
+            }
            else {
-                logger.debug("Did not find exactly one version of the CodeQL tools starting with the requested version.");
+                logger.warning(`Found ${candidateVersions.length} versions of the CodeQL tools starting with ` +
+                    `${cliVersion} in the toolcache, but at most one was expected.`);
+                logger.debug("Trying next fallback method.");
            }
        }
    }
-    if (!codeqlFolder && requestedVersion.cliVersion) {
-        // Fall back to accepting a `0.0.0-<tagName>` version if we didn't find the
-        // `x.y.z` version. This is to support old versions of the toolcache.
-        //
-        // If we are on Dotcom, we will make an HTTP request to the Releases API here
-        // to find the tag name for the requested version.
-        tagName =
-            tagName || (await getOrFindBundleTagName(requestedVersion, logger));
-        const fallbackVersion = convertToSemVer(tagName, logger);
-        logger.debug(`Computed a fallback toolcache version number of ${fallbackVersion} for CodeQL tools version ` +
-            `${requestedVersion.cliVersion}.`);
-        codeqlFolder = toolcache.find("CodeQL", fallbackVersion);
+    // Fall back to matching `0.0.0-<bundleVersion>`.
+    if (!codeqlFolder && (cliVersion || tagName)) {
+        if (cliVersion || tagName) {
+            const fallbackVersion = await tryGetFallbackToolcacheVersion(cliVersion, tagName, variant, logger);
+            if (fallbackVersion) {
+                codeqlFolder = toolcache.find("CodeQL", fallbackVersion);
+            }
+            else {
+                logger.debug("Could not determine a fallback toolcache version number for CodeQL tools version " +
+                    `${humanReadableVersion}.`);
+            }
+        }
+        else {
+            logger.debug("Both the CLI version and the bundle version are unknown, so we will not be able to find " +
+                "the requested version of the CodeQL tools in the toolcache.");
+        }
+    }
+    if (codeqlFolder) {
+        logger.info(`Found CodeQL tools version ${humanReadableVersion} in the toolcache.`);
+    }
+    else {
+        logger.info(`Did not find CodeQL tools version ${humanReadableVersion} in the toolcache.`);
    }
    if (codeqlFolder) {
        return {
            codeqlFolder,
            sourceType: "toolcache",
-            toolsVersion: requestedVersion.syntheticCliVersion,
+            toolsVersion: cliVersion ?? humanReadableVersion,
        };
    }
-    logger.debug(`Did not find CodeQL tools version ${requestedVersion.syntheticCliVersion} in the toolcache.`);
    // If we don't find the requested version on Enterprise, we may allow a
    // different version to save download time if the version hasn't been
    // specified explicitly (in which case we always honor it).
-    if (variant !== util.GitHubVariant.DOTCOM && !forceLatest && !toolsInput) {
-        const result = await findOverridingToolsInCache(requestedVersion.syntheticCliVersion, logger);
+    if (variant !== util.GitHubVariant.DOTCOM &&
+        !forceShippedTools &&
+        !toolsInput) {
+        const result = await findOverridingToolsInCache(humanReadableVersion, logger);
        if (result !== undefined) {
            return result;
        }
    }
+    if (!url) {
+        if (!tagName && cliVersion && variant === util.GitHubVariant.DOTCOM) {
+            tagName = await findCodeQLBundleTagDotcomOnly(cliVersion, logger);
+        }
+        else if (!tagName) {
+            throw new Error(`Could not obtain the requested version (${humanReadableVersion}) of the CodeQL tools ` +
+                "since we could not compute the tag name.");
+        }
+        url = await getCodeQLBundleDownloadURL(tagName, apiDetails, variant, logger);
+    }
    return {
-        cliVersion: requestedVersion.cliVersion || undefined,
-        codeqlURL: requestedVersion["url"] ||
-            (await getCodeQLBundleDownloadURL(tagName ||
-                // The check on `requestedVersion.tagName` is redundant but lets us
-                // use the property that if we don't know `requestedVersion.tagName`,
-                // then we must know `requestedVersion.cliVersion`. This property is
-                // required by the type of `getOrFindBundleTagName`.
-                (requestedVersion.tagName !== undefined
-                    ? requestedVersion.tagName
-                    : await getOrFindBundleTagName(requestedVersion, logger)), apiDetails, variant, logger)),
+        bundleVersion: tagName && tryGetBundleVersionFromTagName(tagName, logger),
+        cliVersion,
+        codeqlURL: url,
        sourceType: "download",
-        toolsVersion: requestedVersion.syntheticCliVersion,
+        toolsVersion: cliVersion ?? humanReadableVersion,
    };
 }
 exports.getCodeQLSource = getCodeQLSource;
-async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, tempDir, logger) {
+/**
+ * Gets a fallback version number to use when looking for CodeQL in the toolcache if we didn't find
+ * the `x.y.z` version. This is to support old versions of the toolcache.
+ */
+async function tryGetFallbackToolcacheVersion(cliVersion, tagName, variant, logger) {
+    //
+    // If we are on Dotcom, we will make an HTTP request to the Releases API here
+    // to find the tag name for the requested version.
+    if (cliVersion && !tagName && variant === util.GitHubVariant.DOTCOM) {
+        tagName = await findCodeQLBundleTagDotcomOnly(cliVersion, logger);
+    }
+    if (!tagName) {
+        return undefined;
+    }
+    const bundleVersion = tryGetBundleVersionFromTagName(tagName, logger);
+    if (!bundleVersion) {
+        return undefined;
+    }
+    const fallbackVersion = convertToSemVer(bundleVersion, logger);
+    logger.debug(`Computed a fallback toolcache version number of ${fallbackVersion} for CodeQL version ` +
+        `${cliVersion ?? tagName}.`);
+    return fallbackVersion;
+}
+exports.tryGetFallbackToolcacheVersion = tryGetFallbackToolcacheVersion;
+async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, apiDetails, variant, tempDir, logger) {
    const parsedCodeQLURL = new URL(codeqlURL);
    const searchParams = new URLSearchParams(parsedCodeQLURL.search);
    const headers = {
@@ -402,12 +454,13 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
    // from the same GitHub instance the Action is running on.
    // This avoids leaking Enterprise tokens to dotcom.
    // We also don't want to send an authorization header if there's already a token provided in the URL.
+    let authorization = undefined;
    if (searchParams.has("token")) {
        logger.debug("CodeQL tools URL contains an authorization token.");
    }
    else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
        logger.debug("Providing an authorization token to download CodeQL tools.");
-        headers.authorization = `token ${apiDetails.auth}`;
+        authorization = `token ${apiDetails.auth}`;
    }
    else {
        logger.debug("Downloading CodeQL tools without an authorization token.");
@@ -415,15 +468,27 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
    logger.info(`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`);
    const dest = path.join(tempDir, (0, uuid_1.v4)());
    const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
-    const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, undefined, finalHeaders);
+    const toolsDownloadStart = perf_hooks_1.performance.now();
+    const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, authorization, finalHeaders);
+    const toolsDownloadDurationMs = Math.round(perf_hooks_1.performance.now() - toolsDownloadStart);
    logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
    const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-    const bundleVersion = getBundleVersionFromUrl(codeqlURL);
+    const bundleVersion = maybeBundleVersion ?? tryGetBundleVersionFromUrl(codeqlURL, logger);
+    if (bundleVersion === undefined) {
+        logger.debug("Could not cache CodeQL tools because we could not determine the bundle version from the " +
+            `URL ${codeqlURL}.`);
+        return {
+            toolsVersion: maybeCliVersion ?? "unknown",
+            codeqlFolder: codeqlExtracted,
+            toolsDownloadDurationMs,
+        };
+    }
    // Try to compute the CLI version for this bundle
-    const cliVersion = maybeCliVersion ||
-        (variant === util.GitHubVariant.DOTCOM &&
-            (await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger))) ||
-        undefined;
+    if (maybeCliVersion === undefined &&
+        variant === util.GitHubVariant.DOTCOM &&
+        codeqlURL.includes(`/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/`)) {
+        maybeCliVersion = await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger);
+    }
    // Include both the CLI version and the bundle version in the toolcache version number. That way
    // if the user requests the same URL again, we can get it from the cache without having to call
    // any of the Releases API.
@@ -433,12 +498,13 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
    // CLI release. In principle, it should be enough to just check that the CLI version isn't a
    // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
    // and we don't want these nightlies to override stable CLI versions in the toolcache.
-    const toolcacheVersion = cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
-        ? `${cliVersion}-${bundleVersion}`
+    const toolcacheVersion = maybeCliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
+        ? `${maybeCliVersion}-${bundleVersion}`
        : convertToSemVer(bundleVersion, logger);
    return {
-        toolsVersion: cliVersion || toolcacheVersion,
+        toolsVersion: maybeCliVersion ?? toolcacheVersion,
        codeqlFolder: await toolcache.cacheDir(codeqlExtracted, "CodeQL", toolcacheVersion),
+        toolsDownloadDurationMs,
    };
 }
 exports.downloadCodeQL = downloadCodeQL;
@@ -457,35 +523,40 @@ exports.getCodeQLURLVersion = getCodeQLURLVersion;
 * @param apiDetails
 * @param tempDir
 * @param variant
- * @param bypassToolcache
 * @param defaultCliVersion
 * @param logger
 * @param checkVersion Whether to check that CodeQL CLI meets the minimum
 *        version requirement. Must be set to true outside tests.
 * @returns the path to the extracted bundle, and the version of the tools
 */
-async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger) {
-    const source = await getCodeQLSource(toolsInput, bypassToolcache, defaultCliVersion, apiDetails, variant, logger);
+async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) {
+    const source = await getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, logger);
    let codeqlFolder;
    let toolsVersion = source.toolsVersion;
+    let toolsDownloadDurationMs;
+    let toolsSource;
    switch (source.sourceType) {
        case "local":
            codeqlFolder = await toolcache.extractTar(source.codeqlTarPath);
+            toolsSource = init_1.ToolsSource.Local;
            break;
        case "toolcache":
            codeqlFolder = source.codeqlFolder;
            logger.debug(`CodeQL found in cache ${codeqlFolder}`);
+            toolsSource = init_1.ToolsSource.Toolcache;
            break;
        case "download": {
-            const result = await downloadCodeQL(source.codeqlURL, source.cliVersion, apiDetails, variant, tempDir, logger);
+            const result = await downloadCodeQL(source.codeqlURL, source.bundleVersion, source.cliVersion, apiDetails, variant, tempDir, logger);
            toolsVersion = result.toolsVersion;
            codeqlFolder = result.codeqlFolder;
+            toolsDownloadDurationMs = result.toolsDownloadDurationMs;
+            toolsSource = init_1.ToolsSource.Download;
            break;
        }
        default:
            util.assertNever(source);
    }
-    return { codeqlFolder, toolsVersion };
+    return { codeqlFolder, toolsDownloadDurationMs, toolsSource, toolsVersion };
 }
 exports.setupCodeQLBundle = setupCodeQLBundle;
 //# sourceMappingURL=setup-codeql.js.map
@@ -293,7 +293,8 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
            if (Date.now() >
                statusCheckingStarted + STATUS_CHECK_TIMEOUT_MILLISECONDS) {
                // If the analysis hasn't finished processing in the allotted time, we continue anyway rather than failing.
-                // It's possible the analysis will eventually finish processing, but it's not worth spending more Actions time waiting.
+                // It's possible the analysis will eventually finish processing, but it's not worth spending more
+                // Actions time waiting.
                logger.warning("Timed out waiting for analysis to finish processing. Continuing.");
                break;
            }
@@ -329,7 +330,9 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
            else {
                util.assertNever(status);
            }
-            await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
+            await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS, {
+                allowProcessExit: false,
+            });
        }
    }
    finally {
@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseMatrixInput = exports.shouldBypassToolcache = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -40,7 +40,6 @@ const apiCompatibility = __importStar(require("./api-compatibility.json"));
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const feature_flags_1 = require("./feature-flags");
-const languages_1 = require("./languages");
 const shared_environment_1 = require("./shared-environment");
 /**
 * Specifies bundle versions that are known to be broken
@@ -456,16 +455,33 @@ async function bundleDb(config, language, codeql, dbName) {
    return databaseBundlePath;
 }
 exports.bundleDb = bundleDb;
-async function delay(milliseconds) {
-    // Immediately `unref` the timer such that it only prevents the process from exiting if the
-    // surrounding promise is being awaited.
-    return new Promise((resolve) => setTimeout(resolve, milliseconds).unref());
+/**
+ * @param milliseconds time to delay
+ * @param opts options
+ * @param opts.allowProcessExit if true, the timer will not prevent the process from exiting
+ */
+async function delay(milliseconds, { allowProcessExit }) {
+    return new Promise((resolve) => {
+        const timer = setTimeout(resolve, milliseconds);
+        if (allowProcessExit) {
+            // Immediately `unref` the timer such that it only prevents the process from exiting if the
+            // surrounding promise is being awaited.
+            timer.unref();
+        }
+    });
 }
 exports.delay = delay;
 function isGoodVersion(versionSpec) {
    return !BROKEN_VERSIONS.includes(versionSpec);
 }
 exports.isGoodVersion = isGoodVersion;
+/**
+ * Checks whether the CodeQL CLI supports the `--expect-discarded-cache` command-line flag.
+ */
+async function supportExpectDiscardedCache(codeQL) {
+    return codeQlVersionAbove(codeQL, "2.12.1");
+}
+exports.supportExpectDiscardedCache = supportExpectDiscardedCache;
 exports.ML_POWERED_JS_QUERIES_PACK_NAME = "codeql/javascript-experimental-atm-queries";
 /**
 * Gets the ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
@@ -637,7 +653,7 @@ async function withTimeout(timeoutMs, promise, onTimeout) {
        return result;
    };
    const timeoutTask = async () => {
-        await delay(timeoutMs);
+        await delay(timeoutMs, { allowProcessExit: true });
        if (!finished) {
            // Workaround: While the promise racing below will allow the main code
            // to continue, the process won't normally exit until the asynchronous
@@ -660,7 +676,7 @@ exports.withTimeout = withTimeout;
 async function checkForTimeout() {
    if (hadTimeout === true) {
        core.info("A timeout occurred, force exiting the process after 30 seconds to prevent hanging.");
-        await delay(30000);
+        await delay(30000, { allowProcessExit: true });
        process.exit();
    }
 }
@@ -685,45 +701,6 @@ function isHostedRunner() {
        process.env["RUNNER_TOOL_CACHE"]?.includes("hostedtoolcache"));
 }
 exports.isHostedRunner = isHostedRunner;
-/**
- *
- * @param featuresEnablement The features enabled for the current run
- * @param languagesInput Languages input from the workflow
- * @param repository The owner/name of the repository
- * @param logger A logger
- * @returns A boolean indicating whether or not the toolcache should be bypassed and the latest codeql should be downloaded.
- */
-async function shouldBypassToolcache(featuresEnablement, codeqlUrl, languagesInput, repository, logger) {
-    // An explicit codeql url is specified, that means the toolcache will not be used.
-    if (codeqlUrl) {
-        return true;
-    }
-    // Check if the toolcache is disabled for all languages
-    if (await featuresEnablement.getValue(feature_flags_1.Feature.BypassToolcacheEnabled)) {
-        return true;
-    }
-    // Check if the toolcache is disabled for kotlin and swift.
-    if (!(await featuresEnablement.getValue(feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled))) {
-        return false;
-    }
-    // Now check to see if kotlin or swift is one of the languages being analyzed.
-    const { rawLanguages, autodetected } = await (0, config_utils_1.getRawLanguages)(languagesInput, repository, logger);
-    let bypass = rawLanguages.some((lang) => languages_1.KOTLIN_SWIFT_BYPASS.includes(lang));
-    if (bypass) {
-        logger.info(`Bypassing toolcache for kotlin or swift. Languages: ${rawLanguages}`);
-    }
-    else if (!autodetected && rawLanguages.includes(languages_1.Language.java)) {
-        // special case: java was explicitly specified, but there might be
-        // some kotlin in the repository, so we need to make a request for that.
-        const langsInRepo = await (0, config_utils_1.getLanguagesInRepo)(repository, logger);
-        if (langsInRepo.includes("kotlin")) {
-            logger.info(`Bypassing toolcache for kotlin.`);
-            bypass = true;
-        }
-    }
-    return bypass;
-}
-exports.shouldBypassToolcache = shouldBypassToolcache;
 function parseMatrixInput(matrixInput) {
    if (matrixInput === undefined || matrixInput === "null") {
        return undefined;
@@ -33,9 +33,7 @@ const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const api = __importStar(require("./api-client"));
-const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
-const repository_1 = require("./repository");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -325,117 +323,4 @@ const shortTime = 10;
    t.deepEqual(shortTaskTimedOut, false);
    t.deepEqual(result, 99);
 });
-const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
-// eslint-disable-next-line github/array-foreach
-[
-    {
-        name: "disabled",
-        features: [],
-        hasCustomCodeQL: false,
-        languagesInput: undefined,
-        languagesInRepository: [],
-        expected: false,
-        expectedApiCall: false,
-    },
-    {
-        name: "disabled even though swift kotlin bypassed",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: undefined,
-        languagesInRepository: [],
-        expected: false,
-        expectedApiCall: true,
-    },
-    {
-        name: "disabled even though swift kotlin analyzed",
-        features: [],
-        hasCustomCodeQL: false,
-        languagesInput: " sWiFt , KoTlIn ",
-        languagesInRepository: [],
-        expected: false,
-        expectedApiCall: false,
-    },
-    {
-        name: "toolcache bypass all",
-        features: [feature_flags_1.Feature.BypassToolcacheEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: undefined,
-        languagesInRepository: [],
-        expected: true,
-        expectedApiCall: false,
-    },
-    {
-        name: "custom CodeQL",
-        features: [],
-        hasCustomCodeQL: true,
-        languagesInput: undefined,
-        languagesInRepository: [],
-        expected: true,
-        expectedApiCall: false,
-    },
-    {
-        name: "bypass swift",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: " sWiFt ,other",
-        languagesInRepository: [],
-        expected: true,
-        expectedApiCall: false,
-    },
-    {
-        name: "bypass kotlin",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: "other, KoTlIn ",
-        languagesInRepository: [],
-        expected: true,
-        expectedApiCall: false,
-    },
-    {
-        name: "bypass kotlin language from repository",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: "",
-        languagesInRepository: ["KoTlIn", "other"],
-        expected: true,
-        expectedApiCall: true,
-    },
-    {
-        name: "bypass swift language from repository",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: "",
-        languagesInRepository: ["SwiFt", "other"],
-        expected: true,
-        expectedApiCall: true,
-    },
-    {
-        name: "bypass java from input if there is kotlin in repository",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: "java",
-        languagesInRepository: ["kotlin", "other"],
-        expected: true,
-        expectedApiCall: true,
-    },
-    {
-        name: "don't bypass java from input if there is no kotlin in repository",
-        features: [feature_flags_1.Feature.BypassToolcacheKotlinSwiftEnabled],
-        hasCustomCodeQL: false,
-        languagesInput: "java",
-        languagesInRepository: ["java", "other"],
-        expected: false,
-        expectedApiCall: true,
-    },
-].forEach((args) => {
-    (0, ava_1.default)(`shouldBypassToolcache: ${args.name}`, async (t) => {
-        const mockRequest = (0, testing_utils_1.mockLanguagesInRepo)(args.languagesInRepository);
-        const mockLogger = (0, logging_1.getRunnerLogger)(true);
-        const featureEnablement = (0, testing_utils_1.createFeatures)(args.features);
-        const codeqlUrl = args.hasCustomCodeQL ? "custom-codeql-url" : undefined;
-        const actual = await util.shouldBypassToolcache(featureEnablement, codeqlUrl, args.languagesInput, mockRepositoryNwo, mockLogger);
-        t.deepEqual(actual, args.expected);
-        t.deepEqual(mockRequest.called, args.expectedApiCall);
-    });
-});
 //# sourceMappingURL=util.test.js.map
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.2.0",
+  "version": "2.2.6",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
@@ -557,9 +557,9 @@
      }
    },
    "node_modules/@octokit/openapi-types": {
-      "version": "14.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-14.0.0.tgz",
-      "integrity": "sha512-HNWisMYlR8VCnNurDU6os2ikx0s0VyEjDYHNS/h4cgb8DeOxQ0n72HyinUtdDVxJhFy3FWLGl0DJhfEWk3P5Iw=="
+      "version": "16.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-16.0.0.tgz",
+      "integrity": "sha512-JbFWOqTJVLHZSUUoF4FzAZKYtqdxWu9Z5m2QQnOyEa04fOFljvyh7D3GYKbfuaSWisqehImiVIMG4eyJeP5VEA=="
    },
    "node_modules/@octokit/plugin-paginate-rest": {
      "version": "2.4.0",
@@ -596,25 +596,18 @@
      }
    },
    "node_modules/@octokit/plugin-retry": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-3.0.9.tgz",
-      "integrity": "sha512-r+fArdP5+TG6l1Rv/C9hVoty6tldw6cE2pRHNGmFPdyfrc696R6JjrQ3d7HdVqGwuzfyrcaLAKD7K8TX8aehUQ==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-4.0.4.tgz",
+      "integrity": "sha512-d7qGFLR3AH+WbNEDUvBPgMc7wRCxU40FZyNXFFqs8ISw75ZYS5/P3ScggzU13dCoY0aywYDxKugGstQTwNgppA==",
      "dependencies": {
-        "@octokit/types": "^6.0.3",
+        "@octokit/types": "^9.0.0",
        "bottleneck": "^2.15.3"
-      }
-    },
-    "node_modules/@octokit/plugin-retry/node_modules/@octokit/openapi-types": {
-      "version": "12.11.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz",
-      "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ=="
-    },
-    "node_modules/@octokit/plugin-retry/node_modules/@octokit/types": {
-      "version": "6.41.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
-      "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==",
-      "dependencies": {
-        "@octokit/openapi-types": "^12.11.0"
+      },
+      "engines": {
+        "node": ">= 14"
+      },
+      "peerDependencies": {
+        "@octokit/core": ">=3"
      }
    },
    "node_modules/@octokit/request": {
@@ -657,11 +650,11 @@
      }
    },
    "node_modules/@octokit/types": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-8.0.0.tgz",
-      "integrity": "sha512-65/TPpOJP1i3K4lBJMnWqPUJ6zuOtzhtagDvydAWbEXpbFYA0oMKKyLb95NFZZP0lSh/4b6K+DQlzvYQJQQePg==",
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-9.0.0.tgz",
+      "integrity": "sha512-LUewfj94xCMH2rbD5YJ+6AQ4AVjFYTgpp6rboWM5T7N3IsIF65SBEOVcYMGAEzO/kKNiNaW4LoWtoThOhH06gw==",
      "dependencies": {
-        "@octokit/openapi-types": "^14.0.0"
+        "@octokit/openapi-types": "^16.0.0"
      }
    },
    "node_modules/@opentelemetry/api": {
@@ -9,12 +9,12 @@
  "publishConfig": {
    "access": "public"
  },
-  "version": "14.0.0",
+  "version": "16.0.0",
  "main": "",
  "types": "types.d.ts",
  "author": "Gregor Martynus (https://twitter.com/gr2m)",
  "license": "MIT",
  "octokit": {
-    "openapi-version": "8.0.0"
+    "openapi-version": "10.0.0"
  }
 }
@@ -1,6 +1,6 @@
 # plugin-retry.js

-> Retries requests for server 4xx/5xx responses except `400`, `401`, `403` and `404`.
+> Retries requests for server 4xx/5xx responses except `400`, `401`, `403`, `404`, and `422`.

 [![@latest](https://img.shields.io/npm/v/@octokit/plugin-retry.svg)](https://www.npmjs.com/package/@octokit/plugin-retry)
 [![Build Status](https://github.com/octokit/plugin-retry.js/workflows/Test/badge.svg)](https://github.com/octokit/plugin-retry.js/actions?workflow=Test)
@@ -76,7 +76,7 @@ const octokit = new MyOctokit({
 });
 ```

-You can manually ask for retries for any request by passing `{ request: { retries: numRetries, retryAfter: delayInSeconds }}`
+You can manually ask for retries for any request by passing `{ request: { retries: numRetries, retryAfter: delayInSeconds }}`. Note that the `doNotRetry` option from the constructor is ignored in this case, requests will be retried no matter their response code.

 ```js
 octokit
@@ -11,29 +11,26 @@ async function errorRequest(octokit, state, error, options) {
  if (!error.request || !error.request.request) {
    // address https://github.com/octokit/plugin-retry.js/issues/8
    throw error;
-  } // retry all >= 400 && not doNotRetry
-
-
+  }
+  // retry all >= 400 && not doNotRetry
  if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {
    const retries = options.request.retries != null ? options.request.retries : state.retries;
    const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);
    throw octokit.retry.retryRequest(error, retries, retryAfter);
-  } // Maybe eventually there will be more cases here
-
-
+  }
+  // Maybe eventually there will be more cases here
  throw error;
 }

 // @ts-ignore
-
+// @ts-ignore
 async function wrapRequest(state, request, options) {
-  const limiter = new Bottleneck(); // @ts-ignore
-
+  const limiter = new Bottleneck();
+  // @ts-ignore
  limiter.on("failed", function (error, info) {
    const maxRetries = ~~error.request.request.retries;
    const after = ~~error.request.request.retryAfter;
    options.request.retryCount = info.retryCount + 1;
-
    if (maxRetries > info.retryCount) {
      // Returning a number instructs the limiter to retry
      // the request after that number of milliseconds have passed
@@ -43,7 +40,7 @@ async function wrapRequest(state, request, options) {
  return limiter.schedule(request, options);
 }

-const VERSION = "3.0.9";
+const VERSION = "4.0.4";
 function retry(octokit, octokitOptions) {
  const state = Object.assign({
    enabled: true,
@@ -51,12 +48,10 @@ function retry(octokit, octokitOptions) {
    doNotRetry: [400, 401, 403, 404, 422],
    retries: 3
  }, octokitOptions.retry);
-
  if (state.enabled) {
    octokit.hook.error("request", errorRequest.bind(null, octokit, state));
    octokit.hook.wrap("request", wrapRequest.bind(null, state));
  }
-
  return {
    retry: {
      retryRequest: (error, retries, retryAfter) => {
@@ -1 +1 @@
-export const VERSION = "3.0.9";
+export const VERSION = "4.0.4";
@@ -1 +1 @@
-export declare const VERSION = "3.0.9";
+export declare const VERSION = "4.0.4";
@@ -34,7 +34,7 @@ async function wrapRequest(state, request, options) {
    return limiter.schedule(request, options);
 }

-const VERSION = "3.0.9";
+const VERSION = "4.0.4";
 function retry(octokit, octokitOptions) {
    const state = Object.assign({
        enabled: true,
@@ -1 +1 @@
-{"version":3,"file":"index.js","sources":["../dist-src/error-request.js","../dist-src/wrap-request.js","../dist-src/index.js"],"sourcesContent":["// @ts-ignore\nexport async function errorRequest(octokit, state, error, options) {\n    if (!error.request || !error.request.request) {\n        // address https://github.com/octokit/plugin-retry.js/issues/8\n        throw error;\n    }\n    // retry all >= 400 && not doNotRetry\n    if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {\n        const retries = options.request.retries != null ? options.request.retries : state.retries;\n        const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);\n        throw octokit.retry.retryRequest(error, retries, retryAfter);\n    }\n    // Maybe eventually there will be more cases here\n    throw error;\n}\n","// @ts-ignore\nimport Bottleneck from \"bottleneck/light\";\n// @ts-ignore\nexport async function wrapRequest(state, request, options) {\n    const limiter = new Bottleneck();\n    // @ts-ignore\n    limiter.on(\"failed\", function (error, info) {\n        const maxRetries = ~~error.request.request.retries;\n        const after = ~~error.request.request.retryAfter;\n        options.request.retryCount = info.retryCount + 1;\n        if (maxRetries > info.retryCount) {\n            // Returning a number instructs the limiter to retry\n            // the request after that number of milliseconds have passed\n            return after * state.retryAfterBaseValue;\n        }\n    });\n    return limiter.schedule(request, options);\n}\n","import { errorRequest } from \"./error-request\";\nimport { wrapRequest } from \"./wrap-request\";\nexport const VERSION = \"3.0.9\";\nexport function retry(octokit, octokitOptions) {\n    const state = Object.assign({\n        enabled: true,\n        retryAfterBaseValue: 1000,\n        doNotRetry: [400, 401, 403, 404, 422],\n        retries: 3,\n    }, octokitOptions.retry);\n    if (state.enabled) {\n        octokit.hook.error(\"request\", errorRequest.bind(null, octokit, state));\n        octokit.hook.wrap(\"request\", wrapRequest.bind(null, state));\n    }\n    return {\n        retry: {\n            retryRequest: (error, retries, retryAfter) => {\n                error.request.request = Object.assign({}, error.request.request, {\n                    retries: retries,\n                    retryAfter: retryAfter,\n                });\n                return error;\n            },\n        },\n    };\n}\nretry.VERSION = VERSION;\n"],"names":[],"mappings":";;AAAA;AACO,eAAe,YAAY,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE;AACnE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE;AAClD;AACA,QAAQ,MAAM,KAAK,CAAC;AACpB,KAAK;AACL;AACA,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;AACzE,QAAQ,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;AAClG,QAAQ,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9E,QAAQ,MAAM,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AACrE,KAAK;AACL;AACA,IAAI,MAAM,KAAK,CAAC;AAChB;;ACdA;AACA,AACA;AACA,AAAO,eAAe,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE;AAC3D,IAAI,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;AACrC;AACA,IAAI,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,UAAU,KAAK,EAAE,IAAI,EAAE;AAChD,QAAQ,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;AAC3D,QAAQ,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;AACzD,QAAQ,OAAO,CAAC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;AACzD,QAAQ,IAAI,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE;AAC1C;AACA;AACA,YAAY,OAAO,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC;AACrD,SAAS;AACT,KAAK,CAAC,CAAC;AACP,IAAI,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;;ACfW,MAAC,OAAO,GAAG,mBAAmB,CAAC;AAC3C,AAAO,SAAS,KAAK,CAAC,OAAO,EAAE,cAAc,EAAE;AAC/C,IAAI,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;AAChC,QAAQ,OAAO,EAAE,IAAI;AACrB,QAAQ,mBAAmB,EAAE,IAAI;AACjC,QAAQ,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;AAC7C,QAAQ,OAAO,EAAE,CAAC;AAClB,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC;AAC7B,IAAI,IAAI,KAAK,CAAC,OAAO,EAAE;AACvB,QAAQ,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/E,QAAQ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AACpE,KAAK;AACL,IAAI,OAAO;AACX,QAAQ,KAAK,EAAE;AACf,YAAY,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,KAAK;AAC1D,gBAAgB,KAAK,CAAC,OAAO,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE;AACjF,oBAAoB,OAAO,EAAE,OAAO;AACpC,oBAAoB,UAAU,EAAE,UAAU;AAC1C,iBAAiB,CAAC,CAAC;AACnB,gBAAgB,OAAO,KAAK,CAAC;AAC7B,aAAa;AACb,SAAS;AACT,KAAK,CAAC;AACN,CAAC;AACD,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC;;;;"}
+{"version":3,"file":"index.js","sources":["../dist-src/error-request.js","../dist-src/wrap-request.js","../dist-src/index.js"],"sourcesContent":["// @ts-ignore\nexport async function errorRequest(octokit, state, error, options) {\n    if (!error.request || !error.request.request) {\n        // address https://github.com/octokit/plugin-retry.js/issues/8\n        throw error;\n    }\n    // retry all >= 400 && not doNotRetry\n    if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {\n        const retries = options.request.retries != null ? options.request.retries : state.retries;\n        const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);\n        throw octokit.retry.retryRequest(error, retries, retryAfter);\n    }\n    // Maybe eventually there will be more cases here\n    throw error;\n}\n","// @ts-ignore\nimport Bottleneck from \"bottleneck/light\";\n// @ts-ignore\nexport async function wrapRequest(state, request, options) {\n    const limiter = new Bottleneck();\n    // @ts-ignore\n    limiter.on(\"failed\", function (error, info) {\n        const maxRetries = ~~error.request.request.retries;\n        const after = ~~error.request.request.retryAfter;\n        options.request.retryCount = info.retryCount + 1;\n        if (maxRetries > info.retryCount) {\n            // Returning a number instructs the limiter to retry\n            // the request after that number of milliseconds have passed\n            return after * state.retryAfterBaseValue;\n        }\n    });\n    return limiter.schedule(request, options);\n}\n","import { errorRequest } from \"./error-request\";\nimport { wrapRequest } from \"./wrap-request\";\nexport const VERSION = \"4.0.4\";\nexport function retry(octokit, octokitOptions) {\n    const state = Object.assign({\n        enabled: true,\n        retryAfterBaseValue: 1000,\n        doNotRetry: [400, 401, 403, 404, 422],\n        retries: 3,\n    }, octokitOptions.retry);\n    if (state.enabled) {\n        octokit.hook.error(\"request\", errorRequest.bind(null, octokit, state));\n        octokit.hook.wrap(\"request\", wrapRequest.bind(null, state));\n    }\n    return {\n        retry: {\n            retryRequest: (error, retries, retryAfter) => {\n                error.request.request = Object.assign({}, error.request.request, {\n                    retries: retries,\n                    retryAfter: retryAfter,\n                });\n                return error;\n            },\n        },\n    };\n}\nretry.VERSION = VERSION;\n"],"names":[],"mappings":";;AAAA;AACO,eAAe,YAAY,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE;AACnE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE;AAClD;AACA,QAAQ,MAAM,KAAK,CAAC;AACpB,KAAK;AACL;AACA,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;AACzE,QAAQ,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;AAClG,QAAQ,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9E,QAAQ,MAAM,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AACrE,KAAK;AACL;AACA,IAAI,MAAM,KAAK,CAAC;AAChB;;ACdA;AACA,AACA;AACA,AAAO,eAAe,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE;AAC3D,IAAI,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;AACrC;AACA,IAAI,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,UAAU,KAAK,EAAE,IAAI,EAAE;AAChD,QAAQ,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;AAC3D,QAAQ,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;AACzD,QAAQ,OAAO,CAAC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;AACzD,QAAQ,IAAI,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE;AAC1C;AACA;AACA,YAAY,OAAO,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC;AACrD,SAAS;AACT,KAAK,CAAC,CAAC;AACP,IAAI,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;;ACfW,MAAC,OAAO,GAAG,mBAAmB,CAAC;AAC3C,AAAO,SAAS,KAAK,CAAC,OAAO,EAAE,cAAc,EAAE;AAC/C,IAAI,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;AAChC,QAAQ,OAAO,EAAE,IAAI;AACrB,QAAQ,mBAAmB,EAAE,IAAI;AACjC,QAAQ,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;AAC7C,QAAQ,OAAO,EAAE,CAAC;AAClB,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC;AAC7B,IAAI,IAAI,KAAK,CAAC,OAAO,EAAE;AACvB,QAAQ,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/E,QAAQ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AACpE,KAAK;AACL,IAAI,OAAO;AACX,QAAQ,KAAK,EAAE;AACf,YAAY,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,KAAK;AAC1D,gBAAgB,KAAK,CAAC,OAAO,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE;AACjF,oBAAoB,OAAO,EAAE,OAAO;AACpC,oBAAoB,UAAU,EAAE,UAAU;AAC1C,iBAAiB,CAAC,CAAC;AACnB,gBAAgB,OAAO,KAAK,CAAC;AAC7B,aAAa;AACb,SAAS;AACT,KAAK,CAAC;AACN,CAAC;AACD,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC;;;;"}
@@ -1,7 +0,0 @@
-Copyright 2020 Gregor Martynus
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -1,17 +0,0 @@
-# @octokit/openapi-types
-
-> Generated TypeScript definitions based on GitHub's OpenAPI spec
-
-This package is continously updated based on [GitHub's OpenAPI specification](https://github.com/github/rest-api-description/)
-
-## Usage
-
-```ts
-import { components } from "@octokit/openapi-types";
-
-type Repository = components["schemas"]["full-repository"];
-```
-
-## License
-
-[MIT](LICENSE)
@@ -1,20 +0,0 @@
-{
-  "name": "@octokit/openapi-types",
-  "description": "Generated TypeScript definitions based on GitHub's OpenAPI spec for api.github.com",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/octokit/openapi-types.ts.git",
-    "directory": "packages/openapi-types"
-  },
-  "publishConfig": {
-    "access": "public"
-  },
-  "version": "12.11.0",
-  "main": "",
-  "types": "types.d.ts",
-  "author": "Gregor Martynus (https://twitter.com/gr2m)",
-  "license": "MIT",
-  "octokit": {
-    "openapi-version": "6.8.0"
-  }
-}
@@ -1,7 +0,0 @@
-MIT License Copyright (c) 2019 Octokit contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -1,65 +0,0 @@
-# types.ts
-
-> Shared TypeScript definitions for Octokit projects
-
-[![@latest](https://img.shields.io/npm/v/@octokit/types.svg)](https://www.npmjs.com/package/@octokit/types)
-[![Build Status](https://github.com/octokit/types.ts/workflows/Test/badge.svg)](https://github.com/octokit/types.ts/actions?workflow=Test)
-
-<!-- toc -->
-
- [Usage](#usage)
- [Examples](#examples)
-  - [Get parameter and response data types for a REST API endpoint](#get-parameter-and-response-data-types-for-a-rest-api-endpoint)
-  - [Get response types from endpoint methods](#get-response-types-from-endpoint-methods)
- [Contributing](#contributing)
- [License](#license)
-
-<!-- tocstop -->
-
-## Usage
-
-See all exported types at https://octokit.github.io/types.ts
-
-## Examples
-
-### Get parameter and response data types for a REST API endpoint
-
-```ts
-import { Endpoints } from "@octokit/types";
-
-type listUserReposParameters =
-  Endpoints["GET /repos/{owner}/{repo}"]["parameters"];
-type listUserReposResponse = Endpoints["GET /repos/{owner}/{repo}"]["response"];
-
-async function listRepos(
-  options: listUserReposParameters
-): listUserReposResponse["data"] {
-  // ...
-}
-```
-
-### Get response types from endpoint methods
-
-```ts
-import {
-  GetResponseTypeFromEndpointMethod,
-  GetResponseDataTypeFromEndpointMethod,
-} from "@octokit/types";
-import { Octokit } from "@octokit/rest";
-
-const octokit = new Octokit();
-type CreateLabelResponseType = GetResponseTypeFromEndpointMethod<
-  typeof octokit.issues.createLabel
->;
-type CreateLabelResponseDataType = GetResponseDataTypeFromEndpointMethod<
-  typeof octokit.issues.createLabel
->;
-```
-
-## Contributing
-
-See [CONTRIBUTING.md](CONTRIBUTING.md)
-
-## License
-
-[MIT](LICENSE)
@@ -1,8 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-const VERSION = "6.41.0";
-
-exports.VERSION = VERSION;
-//# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sources":["../dist-src/VERSION.js"],"sourcesContent":["export const VERSION = \"0.0.0-development\";\n"],"names":["VERSION"],"mappings":";;;;MAAaA,OAAO,GAAG;;;;"}
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export {};
@@ -1 +0,0 @@
-export const VERSION = "6.41.0";
@@ -1 +0,0 @@
-export {};
@@ -1,21 +0,0 @@
-export * from "./AuthInterface";
-export * from "./EndpointDefaults";
-export * from "./EndpointInterface";
-export * from "./EndpointOptions";
-export * from "./Fetch";
-export * from "./OctokitResponse";
-export * from "./RequestError";
-export * from "./RequestHeaders";
-export * from "./RequestInterface";
-export * from "./RequestMethod";
-export * from "./RequestOptions";
-export * from "./RequestParameters";
-export * from "./RequestRequestOptions";
-export * from "./ResponseHeaders";
-export * from "./Route";
-export * from "./Signal";
-export * from "./StrategyInterface";
-export * from "./Url";
-export * from "./VERSION";
-export * from "./GetResponseTypeFromEndpointMethod";
-export * from "./generated/Endpoints";
@@ -1,31 +0,0 @@
-import { EndpointOptions } from "./EndpointOptions";
-import { OctokitResponse } from "./OctokitResponse";
-import { RequestInterface } from "./RequestInterface";
-import { RequestParameters } from "./RequestParameters";
-import { Route } from "./Route";
-/**
- * Interface to implement complex authentication strategies for Octokit.
- * An object Implementing the AuthInterface can directly be passed as the
- * `auth` option in the Octokit constructor.
- *
- * For the official implementations of the most common authentication
- * strategies, see https://github.com/octokit/auth.js
- */
-export interface AuthInterface<AuthOptions extends any[], Authentication extends any> {
-    (...args: AuthOptions): Promise<Authentication>;
-    hook: {
-        /**
-         * Sends a request using the passed `request` instance
-         *
-         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-         */
-        <T = any>(request: RequestInterface, options: EndpointOptions): Promise<OctokitResponse<T>>;
-        /**
-         * Sends a request using the passed `request` instance
-         *
-         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
-         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-         */
-        <T = any>(request: RequestInterface, route: Route, parameters?: RequestParameters): Promise<OctokitResponse<T>>;
-    };
-}
@@ -1,21 +0,0 @@
-import { RequestHeaders } from "./RequestHeaders";
-import { RequestMethod } from "./RequestMethod";
-import { RequestParameters } from "./RequestParameters";
-import { Url } from "./Url";
-/**
- * The `.endpoint()` method is guaranteed to set all keys defined by RequestParameters
- * as well as the method property.
- */
-export declare type EndpointDefaults = RequestParameters & {
-    baseUrl: Url;
-    method: RequestMethod;
-    url?: Url;
-    headers: RequestHeaders & {
-        accept: string;
-        "user-agent": string;
-    };
-    mediaType: {
-        format: string;
-        previews: string[];
-    };
-};
@@ -1,65 +0,0 @@
-import { EndpointDefaults } from "./EndpointDefaults";
-import { RequestOptions } from "./RequestOptions";
-import { RequestParameters } from "./RequestParameters";
-import { Route } from "./Route";
-import { Endpoints } from "./generated/Endpoints";
-export interface EndpointInterface<D extends object = object> {
-    /**
-     * Transforms a GitHub REST API endpoint into generic request options
-     *
-     * @param {object} endpoint Must set `url` unless it's set defaults. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-     */
-    <O extends RequestParameters = RequestParameters>(options: O & {
-        method?: string;
-    } & ("url" extends keyof D ? {
-        url?: string;
-    } : {
-        url: string;
-    })): RequestOptions & Pick<D & O, keyof RequestOptions>;
-    /**
-     * Transforms a GitHub REST API endpoint into generic request options
-     *
-     * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
-     * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-     */
-    <R extends Route, P extends RequestParameters = R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters>(route: keyof Endpoints | R, parameters?: P): (R extends keyof Endpoints ? Endpoints[R]["request"] : RequestOptions) & Pick<P, keyof RequestOptions>;
-    /**
-     * Object with current default route and parameters
-     */
-    DEFAULTS: D & EndpointDefaults;
-    /**
-     * Returns a new `endpoint` interface with new defaults
-     */
-    defaults: <O extends RequestParameters = RequestParameters>(newDefaults: O) => EndpointInterface<D & O>;
-    merge: {
-        /**
-         * Merges current endpoint defaults with passed route and parameters,
-         * without transforming them into request options.
-         *
-         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
-         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-         *
-         */
-        <R extends Route, P extends RequestParameters = R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters>(route: keyof Endpoints | R, parameters?: P): D & (R extends keyof Endpoints ? Endpoints[R]["request"] & Endpoints[R]["parameters"] : EndpointDefaults) & P;
-        /**
-         * Merges current endpoint defaults with passed route and parameters,
-         * without transforming them into request options.
-         *
-         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-         */
-        <P extends RequestParameters = RequestParameters>(options: P): EndpointDefaults & D & P;
-        /**
-         * Returns current default options.
-         *
-         * @deprecated use endpoint.DEFAULTS instead
-         */
-        (): D & EndpointDefaults;
-    };
-    /**
-     * Stateless method to turn endpoint options into request options.
-     * Calling `endpoint(options)` is the same as calling `endpoint.parse(endpoint.merge(options))`.
-     *
-     * @param {object} options `method`, `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-     */
-    parse: <O extends EndpointDefaults = EndpointDefaults>(options: O) => RequestOptions & Pick<O, keyof RequestOptions>;
-}
@@ -1,7 +0,0 @@
-import { RequestMethod } from "./RequestMethod";
-import { Url } from "./Url";
-import { RequestParameters } from "./RequestParameters";
-export declare type EndpointOptions = RequestParameters & {
-    method: RequestMethod;
-    url: Url;
-};
@@ -1,4 +0,0 @@
-/**
- * Browser's fetch method (or compatible such as fetch-mock)
- */
-export declare type Fetch = any;
@@ -1,5 +0,0 @@
-declare type Unwrap<T> = T extends Promise<infer U> ? U : T;
-declare type AnyFunction = (...args: any[]) => any;
-export declare type GetResponseTypeFromEndpointMethod<T extends AnyFunction> = Unwrap<ReturnType<T>>;
-export declare type GetResponseDataTypeFromEndpointMethod<T extends AnyFunction> = Unwrap<ReturnType<T>>["data"];
-export {};
@@ -1,17 +0,0 @@
-import { ResponseHeaders } from "./ResponseHeaders";
-import { Url } from "./Url";
-export declare type OctokitResponse<T, S extends number = number> = {
-    headers: ResponseHeaders;
-    /**
-     * http response code
-     */
-    status: S;
-    /**
-     * URL of response after all redirects
-     */
-    url: Url;
-    /**
-     * Response data as documented in the REST API reference documentation at https://docs.github.com/rest/reference
-     */
-    data: T;
-};
@@ -1,11 +0,0 @@
-export declare type RequestError = {
-    name: string;
-    status: number;
-    documentation_url: string;
-    errors?: Array<{
-        resource: string;
-        code: string;
-        field: string;
-        message?: string;
-    }>;
-};
@@ -1,15 +0,0 @@
-export declare type RequestHeaders = {
-    /**
-     * Avoid setting `headers.accept`, use `mediaType.{format|previews}` option instead.
-     */
-    accept?: string;
-    /**
-     * Use `authorization` to send authenticated request, remember `token ` / `bearer ` prefixes. Example: `token 1234567890abcdef1234567890abcdef12345678`
-     */
-    authorization?: string;
-    /**
-     * `user-agent` is set do a default and can be overwritten as needed.
-     */
-    "user-agent"?: string;
-    [header: string]: string | number | undefined;
-};
@@ -1,34 +0,0 @@
-import { EndpointInterface } from "./EndpointInterface";
-import { OctokitResponse } from "./OctokitResponse";
-import { RequestParameters } from "./RequestParameters";
-import { Route } from "./Route";
-import { Endpoints } from "./generated/Endpoints";
-export interface RequestInterface<D extends object = object> {
-    /**
-     * Sends a request based on endpoint options
-     *
-     * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-     */
-    <T = any, O extends RequestParameters = RequestParameters>(options: O & {
-        method?: string;
-    } & ("url" extends keyof D ? {
-        url?: string;
-    } : {
-        url: string;
-    })): Promise<OctokitResponse<T>>;
-    /**
-     * Sends a request based on endpoint options
-     *
-     * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
-     * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
-     */
-    <R extends Route>(route: keyof Endpoints | R, options?: R extends keyof Endpoints ? Endpoints[R]["parameters"] & RequestParameters : RequestParameters): R extends keyof Endpoints ? Promise<Endpoints[R]["response"]> : Promise<OctokitResponse<any>>;
-    /**
-     * Returns a new `request` with updated route and parameters
-     */
-    defaults: <O extends RequestParameters = RequestParameters>(newDefaults: O) => RequestInterface<D & O>;
-    /**
-     * Octokit endpoint API, see {@link https://github.com/octokit/endpoint.js|@octokit/endpoint}
-     */
-    endpoint: EndpointInterface<D>;
-}
@@ -1,4 +0,0 @@
-/**
- * HTTP Verb supported by GitHub's REST API
- */
-export declare type RequestMethod = "DELETE" | "GET" | "HEAD" | "PATCH" | "POST" | "PUT";
@@ -1,14 +0,0 @@
-import { RequestHeaders } from "./RequestHeaders";
-import { RequestMethod } from "./RequestMethod";
-import { RequestRequestOptions } from "./RequestRequestOptions";
-import { Url } from "./Url";
-/**
- * Generic request options as they are returned by the `endpoint()` method
- */
-export declare type RequestOptions = {
-    method: RequestMethod;
-    url: Url;
-    headers: RequestHeaders;
-    body?: any;
-    request?: RequestRequestOptions;
-};
@@ -1,45 +0,0 @@
-import { RequestRequestOptions } from "./RequestRequestOptions";
-import { RequestHeaders } from "./RequestHeaders";
-import { Url } from "./Url";
-/**
- * Parameters that can be passed into `request(route, parameters)` or `endpoint(route, parameters)` methods
- */
-export declare type RequestParameters = {
-    /**
-     * Base URL to be used when a relative URL is passed, such as `/orgs/{org}`.
-     * If `baseUrl` is `https://enterprise.acme-inc.com/api/v3`, then the request
-     * will be sent to `https://enterprise.acme-inc.com/api/v3/orgs/{org}`.
-     */
-    baseUrl?: Url;
-    /**
-     * HTTP headers. Use lowercase keys.
-     */
-    headers?: RequestHeaders;
-    /**
-     * Media type options, see {@link https://developer.github.com/v3/media/|GitHub Developer Guide}
-     */
-    mediaType?: {
-        /**
-         * `json` by default. Can be `raw`, `text`, `html`, `full`, `diff`, `patch`, `sha`, `base64`. Depending on endpoint
-         */
-        format?: string;
-        /**
-         * Custom media type names of {@link https://developer.github.com/v3/media/|API Previews} without the `-preview` suffix.
-         * Example for single preview: `['squirrel-girl']`.
-         * Example for multiple previews: `['squirrel-girl', 'mister-fantastic']`.
-         */
-        previews?: string[];
-    };
-    /**
-     * Pass custom meta information for the request. The `request` object will be returned as is.
-     */
-    request?: RequestRequestOptions;
-    /**
-     * Any additional parameter will be passed as follows
-     * 1. URL parameter if `':parameter'` or `{parameter}` is part of `url`
-     * 2. Query parameter if `method` is `'GET'` or `'HEAD'`
-     * 3. Request body if `parameter` is `'data'`
-     * 4. JSON in the request body in the form of `body[parameter]` unless `parameter` key is `'data'`
-     */
-    [parameter: string]: unknown;
-};
@@ -1,26 +0,0 @@
-import { Fetch } from "./Fetch";
-import { Signal } from "./Signal";
-/**
- * Octokit-specific request options which are ignored for the actual request, but can be used by Octokit or plugins to manipulate how the request is sent or how a response is handled
- */
-export declare type RequestRequestOptions = {
-    /**
-     * Node only. Useful for custom proxy, certificate, or dns lookup.
-     *
-     * @see https://nodejs.org/api/http.html#http_class_http_agent
-     */
-    agent?: unknown;
-    /**
-     * Custom replacement for built-in fetch method. Useful for testing or request hooks.
-     */
-    fetch?: Fetch;
-    /**
-     * Use an `AbortController` instance to cancel a request. In node you can only cancel streamed requests.
-     */
-    signal?: Signal;
-    /**
-     * Node only. Request/response timeout in ms, it resets on redirect. 0 to disable (OS limit applies). `options.request.signal` is recommended instead.
-     */
-    timeout?: number;
-    [option: string]: any;
-};
@@ -1,20 +0,0 @@
-export declare type ResponseHeaders = {
-    "cache-control"?: string;
-    "content-length"?: number;
-    "content-type"?: string;
-    date?: string;
-    etag?: string;
-    "last-modified"?: string;
-    link?: string;
-    location?: string;
-    server?: string;
-    status?: string;
-    vary?: string;
-    "x-github-mediatype"?: string;
-    "x-github-request-id"?: string;
-    "x-oauth-scopes"?: string;
-    "x-ratelimit-limit"?: string;
-    "x-ratelimit-remaining"?: string;
-    "x-ratelimit-reset"?: string;
-    [header: string]: string | number | undefined;
-};
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andrew Eisenberg	a589d4087e	Merge pull request #1527 from github/aeisenberg/qlconfig-in-cli Ensure qlconfig file is created when config parsing in cli is on	2023-02-27 10:26:08 -08:00
Andrew Eisenberg	98d24e5629	Address comments from PR	2023-02-27 09:59:16 -08:00
Henry Mercer	903be79953	Merge pull request #1548 from github/mergeback/v2.2.5-to-main-32dc4993 Mergeback v2.2.5 refs/heads/releases/v2 into main	2023-02-27 11:02:00 +00:00
github-actions[bot]	18ff14b615	Update checked-in dependencies	2023-02-27 09:35:51 +00:00
Henry Mercer	36a249f5ae	Merge branch 'main' into mergeback/v2.2.5-to-main-32dc4993	2023-02-27 09:33:05 +00:00
Henry Mercer	041757fc59	Merge pull request #1549 from github/henrymercer/fix-update-dependencies Fix workflow to update dependencies	2023-02-27 09:11:46 +00:00
Andrew Eisenberg	8f19113f88	Merge branch 'main' into aeisenberg/qlconfig-in-cli	2023-02-26 18:35:21 -08:00
Henry Mercer	cf1855ae37	Fix workflow to update dependencies Port over the fix from https://github.com/github/codeql-action/pull/1544 and share code so these scripts don't get out of sync again.	2023-02-24 20:25:21 +00:00
github-actions[bot]	652709d1b9	Update changelog and version after v2.2.5	2023-02-24 19:28:26 +00:00
Henry Mercer	32dc499307	Merge pull request #1547 from github/update-v2.2.5-237a258d2 Merge main into releases/v2	2023-02-24 19:26:08 +00:00
github-actions[bot]	b742728ac2	Update changelog for v2.2.5	2023-02-24 19:01:14 +00:00
Alexander Eyers-Taylor	237a258d2b	Merge pull request #1543 from github/alexet/update-2.12.3 Update default CodeQL bundle version to 2.12.3	2023-02-23 15:46:39 +00:00
Alexander Eyers-Taylor	5972e6d72e	Fix lib file	2023-02-22 18:38:46 +00:00
Alexander Eyers-Taylor	164027e682	Fix bundle versions	2023-02-22 18:18:37 +00:00
Andrew Eisenberg	736263f8fe	Update src/codeql.ts	2023-02-17 13:22:25 -08:00
Chuan-kai Lin	3dde1f3512	Merge pull request #1540 from cklin/expect-discarded-cache Set --expect-discarded-cache option	2023-02-17 12:36:05 -08:00
Chuan-kai Lin	d7d7567b0e	Unit tests for optimizeForLastQueryRun	2023-02-17 11:19:38 -08:00
Chuan-kai Lin	0e4e857bab	Set optimizeForLastQueryRun on last run	2023-02-17 11:17:42 -08:00
Chuan-kai Lin	08d1f21d4f	Calculate customQueryIndices early This refactoring commit changes runQueries() to calculate the set of indices with non-empty custom queries early. Doing so allows us to check early on whether there are any custom queries to run.	2023-02-17 11:14:08 -08:00
Andrew Eisenberg	f3bd25eefa	Merge pull request #1544 from github/aeisenberg/clean-cache Clean the npm cache before running install	2023-02-17 10:50:03 -08:00
Andrew Eisenberg	41f1810e52	Clean the npm cache before running install	2023-02-17 09:54:53 -08:00
Alexander Eyers-Taylor	d87ad69338	Update default CodeQL bundle version to 2.12.3	2023-02-17 15:49:39 +00:00
Chuan-kai Lin	8242edb8ed	databaseRunQueries(): add optimizeForLastQueryRun parameter	2023-02-15 08:45:13 -08:00
Chuan-kai Lin	3095a09bb0	databaseRunQueries(): accept a list of flags This refactoring commit changes databaseRunQueries() to accept a list of flags instead of separate memory and threads flags.	2023-02-14 11:53:52 -08:00
Andrew Eisenberg	e00cd12e3e	Merge pull request #1539 from github/aeisenberg/unref-delay Avoid unref-ing timer while awaiting status upload	2023-02-13 15:24:43 -08:00
Angela P Wen	a25536bc80	Optionally send tools download telemetry (#1538 )	2023-02-13 21:45:54 +00:00
Andrew Eisenberg	a2487fb969	Avoid unref-ing timer while awaiting status upload We had a problem where `waitForProcessing` was not completing before the node process ends. This is because using `unref` would allow the node process to end without having the `delay` function complete.	2023-02-13 13:43:18 -08:00
Chuan-kai Lin	e187d074ed	Merge pull request #1533 from cklin/trap-caching-feature-flag Remove TRAP caching feature flag	2023-02-13 06:25:11 -08:00
Angela P Wen	89c5165e5a	Remove v1 from release docs (#1536 )	2023-02-10 12:40:45 -08:00
Angela P Wen	ba216f7d34	Merge pull request #1535 from github/mergeback/v2.2.4-to-main-17573ee1 Mergeback v2.2.4 refs/heads/releases/v2 into main	2023-02-10 10:57:09 -08:00
github-actions[bot]	68f4f0d3bb	Update checked-in dependencies	2023-02-10 18:30:00 +00:00
github-actions[bot]	12d9a244fa	Update changelog and version after v2.2.4	2023-02-10 18:23:25 +00:00
Angela P Wen	17573ee1cc	Merge pull request #1534 from github/update-v2.2.4-40babc141 Merge main into releases/v2	2023-02-10 10:20:44 -08:00
github-actions[bot]	b6975b4b1a	Update changelog for v2.2.4	2023-02-10 17:42:05 +00:00
Chuan-kai Lin	b011dbdedf	Remove TRAP caching feature flag	2023-02-10 09:27:16 -08:00
Angela P Wen	40babc141f	Tools telemetry: accurately report when feature flags were inaccessible (#1532 ) * Cache whether feature flags are accessible * Small comment fixup from linting change	2023-02-10 09:06:43 -08:00
Andrew Eisenberg	5492b7d104	Add tests for `generateRegistries` with an existing CODEQL_REGISTRIES_AUTH	2023-02-09 13:37:08 -08:00
Andrew Eisenberg	3c81243bb1	Apply suggestions from code review Co-authored-by: Henry Mercer <henry.mercer@me.com>	2023-02-09 12:25:33 -08:00
Andrew Eisenberg	e2f72f11e4	Merge remote-tracking branch 'upstream/main' into aeisenberg/qlconfig-in-cli	2023-02-09 09:47:43 -08:00
Chuan-kai Lin	7ba5ed7eed	Merge pull request #1531 from github/mergeback/v2.2.3-to-main-8775e868 Mergeback v2.2.3 refs/heads/releases/v2 into main	2023-02-08 13:06:40 -08:00
github-actions[bot]	21f3020df6	Update checked-in dependencies	2023-02-08 20:40:37 +00:00
github-actions[bot]	b872c5adfd	Update changelog and version after v2.2.3	2023-02-08 20:37:07 +00:00
Chuan-kai Lin	8775e86802	Merge pull request #1530 from github/update-v2.2.3-c4e22e9fc Merge main into releases/v2	2023-02-08 12:35:06 -08:00
github-actions[bot]	a2ad80b966	Update changelog for v2.2.3	2023-02-08 19:08:32 +00:00
Henry Mercer	c4e22e9fce	Merge pull request #1529 from github/henrymercer/remove-bypass-toolcache-flags Remove feature flags for bypassing the toolcache	2023-02-08 18:13:01 +00:00
Henry Mercer	db534af2ae	Remove feature flags for bypassing the toolcache - We can now use the default bundle version feature flags to remediate a bad bundle update. - Controlled switchover ensures that a repo consistently gets the same bundle version, so we no longer have alert churn concerns with Kotlin and Swift.	2023-02-08 15:20:51 +00:00
Andrew Eisenberg	bbe8d375fd	Ensure qlconfig file is created when config parsing in cli is on Previously, with the config parsing in the cli feature flag turned on, the CLI was not able to download packs from other registries. This PR adds the codeql-action changes required for this. The CLI changes will be in a separate, internal PR.	2023-02-07 10:40:56 -08:00
Chuan-kai Lin	4369dda4ae	Merge pull request #1518 from github/cklin/codeql-cli-2.12.2 Bump default CodeQL version to 2.12.2	2023-02-07 10:27:54 -08:00
Chuan-kai Lin	4f08c2cf20	Bump default CodeQL version to 2.12.2	2023-02-07 08:10:01 -08:00
Angela P Wen	81644f35ff	Add max line length of 120 to linter (#1524 )	2023-02-07 14:09:33 +00:00
Henry Mercer	9ab6aa64a0	Merge pull request #1526 from github/mergeback/v2.2.2-to-main-39d8d7e7 Mergeback v2.2.2 refs/heads/releases/v2 into main	2023-02-06 20:23:48 +00:00
github-actions[bot]	256973e279	Update checked-in dependencies	2023-02-06 20:02:57 +00:00
github-actions[bot]	59b25b480f	Update changelog and version after v2.2.2	2023-02-06 19:48:14 +00:00
Henry Mercer	39d8d7e78f	Merge pull request #1525 from github/update-v2.2.2-927de483f Merge main into releases/v2	2023-02-06 19:46:06 +00:00
Angela P Wen	39c954c513	Support `security-experimental` as a well-known suite (#1519 )	2023-02-06 19:26:03 +00:00
github-actions[bot]	8af83634ca	Update changelog for v2.2.2	2023-02-06 19:16:08 +00:00
Henry Mercer	927de483f0	Merge pull request #1523 from github/henrymercer/fix/cli-version-for-different-bundles Fix toolcache behavior when downloading bundle from another repo	2023-02-06 19:05:45 +00:00
Henry Mercer	e4c0a1b24d	Merge branch 'main' into henrymercer/fix/cli-version-for-different-bundles	2023-02-06 18:24:11 +00:00
Henry Mercer	d3962273b3	Merge pull request #1517 from github/henrymercer/fix/not-all-bundle-urls-contain-tag Fix assumption that all CodeQL bundle URLs contain the tag name of the bundle	2023-02-06 18:20:21 +00:00
Henry Mercer	c3cb270725	Merge pull request #1521 from MahmoudMabrok/patch-1 docs: add direct link to website	2023-02-06 16:34:01 +00:00
Henry Mercer	2b674f7ab9	Fix toolcache behavior when downloading bundle from another repo	2023-02-06 16:25:07 +00:00
Henry Mercer	6d47a7c8b1	Add regression test for bundle from different repo	2023-02-06 16:25:07 +00:00
Henry Mercer	c6ff11c1c4	Add changelog note	2023-02-06 16:24:25 +00:00
Henry Mercer	d3f2b2e6d2	Warn when multiple bundles for a single CLI are found in the toolcache	2023-02-06 12:28:33 +00:00
Henry Mercer	d49282c3b5	Rename `forceLatest` to `forceShippedTools`	2023-02-06 11:57:48 +00:00
Mahmoud Mabrok Fouad	c5c475188a	docs: add direct link to website To make it easy for users to go to website for more info.	2023-02-05 13:56:35 +02:00
Henry Mercer	f140af5e28	Refactor setting up CodeQL to handle bundle URLs without tags	2023-02-03 19:15:06 +00:00
Henry Mercer	e0fc1c91b2	Add regression test for a bundle URL without a tag	2023-02-03 19:13:24 +00:00
Arthur Baars	b95df0b2e7	Merge pull request #1516 from aibaars/auth-parameter Supply authorization parameter to toolcache.downloadTool()	2023-02-03 20:02:59 +01:00
Arthur Baars	2fed02cbe2	Supply authorization parameter to toolcache.downloadTool() Previously we supplied the authorization information via the 'headers' parameter. This works fine, except in some cases when the request is retried.	2023-02-03 14:56:00 +01:00
Angela P Wen	0b2a40fa4a	Merge pull request #1515 from github/mergeback/v2.2.1-to-main-3ebbd71c Mergeback v2.2.1 refs/heads/releases/v2 into main	2023-01-27 02:02:26 -08:00
github-actions[bot]	395ec04a8b	Update checked-in dependencies	2023-01-27 09:37:04 +00:00
github-actions[bot]	e1070bd101	Update changelog and version after v2.2.1	2023-01-27 09:30:07 +00:00
Angela P Wen	3ebbd71c74	Merge pull request #1514 from github/update-v2.2.1-4664f3969 Merge main into releases/v2	2023-01-27 01:28:20 -08:00
github-actions[bot]	2ae6e13cc3	Update changelog for v2.2.1	2023-01-27 09:06:39 +00:00
Angela P Wen	4664f39699	Ensure that `tools_download_duration_ms` is int (#1513 )	2023-01-27 09:03:57 +00:00
Henry Mercer	b2e16761f3	Merge pull request #1512 from github/mergeback/v2.2.0-to-main-436dbd91 Mergeback v2.2.0 refs/heads/releases/v2 into main	2023-01-26 17:44:11 +00:00
github-actions[bot]	592a896a53	Update checked-in dependencies	2023-01-26 16:40:56 +00:00
github-actions[bot]	4a6b5a54c2	Update changelog and version after v2.2.0	2023-01-26 16:39:29 +00:00
Henry Mercer	436dbd9100	Merge pull request #1511 from github/update-v2.2.0-43f1a6c70 Merge main into releases/v2	2023-01-26 16:37:04 +00:00
Henry Mercer	d966969093	Remove $ from version number	2023-01-26 15:22:33 +00:00
github-actions[bot]	f6d03f448d	Update changelog for v2.2.0	2023-01-26 15:18:19 +00:00
Henry Mercer	43f1a6c701	Merge pull request #1510 from github/henrymercer/fix-fallback-version-number Fix computation of fallback version number	2023-01-26 14:17:40 +00:00
Henry Mercer	75ae065ae6	Fix computation of fallback version	2023-01-26 11:49:51 +00:00
Henry Mercer	0a9e9db27f	Add failing regression test	2023-01-26 11:49:24 +00:00
Angela P Wen	24ca6b0400	Send tools telemetry to `init` status report (#1497 ) Co-authored-by: Henry Mercer <henry.mercer@me.com>	2023-01-25 11:09:18 -08:00
Andrew Eisenberg	ebf6415a7d	Merge pull request #1493 from github/aeisenberg/upload-sarif-limits Update CHANGELOG.md with new limits on uploading SARIF	2023-01-25 08:32:05 -08:00
Henry Mercer	a58e90a9da	Merge pull request #1508 from github/henrymercer/default-version-fallback Fall back to the `defaults.json` CLI version if feature flags misconfigured	2023-01-24 20:01:47 +00:00
Andrew Eisenberg	fdff4b0a17	Update CHANGELOG.md Remove apiVersion parameter.	2023-01-24 08:25:23 -08:00
Andrew Eisenberg	8840544b91	Merge branch 'main' into aeisenberg/upload-sarif-limits	2023-01-24 08:23:50 -08:00
Henry Mercer	af42a70c34	Merge pull request #1504 from github/dependabot/npm_and_yarn/octokit/types-9.0.0 Bump @octokit/types from 8.0.0 to 9.0.0	2023-01-24 12:28:00 +00:00
Henry Mercer	824a20f6aa	Merge pull request #1507 from github/henrymercer/swift-autobuild-timeout Limit Swift autobuild runtime in PR check to 10 minutes	2023-01-23 20:16:40 +00:00
Henry Mercer	fa47d5ade1	Merge pull request #1505 from github/henrymercer/more-node-12-cleanup More cleanup as a result of dropping Node 12	2023-01-23 20:11:32 +00:00
github-actions[bot]	71109eca74	Update checked-in dependencies	2023-01-23 20:03:33 +00:00
Henry Mercer	5d931ea2a2	Fall back to the default.json CLI version if feature flags misconfigured	2023-01-23 20:00:44 +00:00
dependabot[bot]	6b17e95b97	Bump @octokit/types from 8.0.0 to 9.0.0 Bumps [@octokit/types](https://github.com/octokit/types.ts) from 8.0.0 to 9.0.0. - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](https://github.com/octokit/types.ts/compare/v8.0.0...v9.0.0) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-23 19:48:29 +00:00
Henry Mercer	14c4412c63	Merge pull request #1506 from github/henrymercer/prepare-test-fail-early Fail `prepare-test` early when `gh release list` fails	2023-01-23 19:39:31 +00:00
Henry Mercer	ebdd5a069f	Remove `perf_hooks` Node 12 comment We don't need the import for Node 12 compat, but we do need it to make the file compile.	2023-01-23 19:16:03 +00:00
Henry Mercer	5da183dcc2	Bump npm to v9.2.0 npm v9.3.0 is out, but seems to have a bug with `npm ci` on macOS where it will complain that `node_modules/.bin` is a directory. We specify an exact version for reproducibility of builds.	2023-01-23 19:15:21 +00:00
Henry Mercer	b873a18a2f	Limit Swift autobuild runtime to 10 minutes There's a known issue that causes the Swift autobuilder to hang. By setting a timeout, we'll fail earlier and we can rerun the check earlier.	2023-01-23 19:12:27 +00:00
Henry Mercer	66ed6f46ba	Merge pull request #1503 from github/dependabot/npm_and_yarn/octokit/plugin-retry-4.0.4 Bump @octokit/plugin-retry from 3.0.9 to 4.0.4	2023-01-23 18:53:46 +00:00
Henry Mercer	90bbfad4eb	Fail `prepare-test` early when `gh release list` fails	2023-01-23 18:50:59 +00:00
Henry Mercer	05d21eda44	Merge pull request #1501 from github/henrymercer/codeql-cli-2.12.1 Bump default CodeQL version to 2.12.1	2023-01-23 18:02:27 +00:00
github-actions[bot]	45eb0a66d5	Update checked-in dependencies	2023-01-23 17:26:40 +00:00
dependabot[bot]	78f2db88fc	Bump @octokit/plugin-retry from 3.0.9 to 4.0.4 Bumps [@octokit/plugin-retry](https://github.com/octokit/plugin-retry.js) from 3.0.9 to 4.0.4. - [Release notes](https://github.com/octokit/plugin-retry.js/releases) - [Commits](https://github.com/octokit/plugin-retry.js/compare/v3.0.9...v4.0.4) --- updated-dependencies: - dependency-name: "@octokit/plugin-retry" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-01-23 17:02:48 +00:00
Andrew Eisenberg	604a6c3f8e	Merge branch 'main' into aeisenberg/upload-sarif-limits	2023-01-23 08:35:54 -08:00
Andrew Eisenberg	fe9baed306	Fix typo in CHANGELOG.md Co-authored-by: Jenny Rukman <jennyrocku@github.com>	2023-01-23 08:35:27 -08:00
Henry Mercer	f9ae0b9ced	Merge branch 'main' into henrymercer/codeql-cli-2.12.1	2023-01-23 13:27:47 +00:00
Henry Mercer	5794d966f2	Merge pull request #1502 from github/henrymercer/python-packages-use-path-from-action Use CodeQL path from `init` Action in Windows Python dependencies PR checks	2023-01-23 13:26:24 +00:00
Henry Mercer	64580b3179	Update workflow name to reflect Windows tests	2023-01-23 13:01:27 +00:00
Henry Mercer	e05bd5a671	Use CodeQL path from `init` Action in Windows Python deps PR checks	2023-01-23 13:01:11 +00:00
Henry Mercer	d37dce28f6	Bump default CodeQL version to 2.12.1	2023-01-23 11:25:09 +00:00
Andrew Eisenberg	42fb057842	Update CHANGELOG.md	2023-01-20 09:41:08 -08:00
Andrew Eisenberg	4dc41e1d1e	Update CHANGELOG.md	2023-01-20 08:28:46 -08:00
Andrew Eisenberg	68a248623f	Update CHANGELOG.md with new limits on uploading SARIF	2023-01-19 09:57:22 -08:00
				`@@ -1 +0,0 @@`
				`{"version":3,"file":"index.js","sources":["../dist-src/VERSION.js"],"sourcesContent":["export const VERSION = \"0.0.0-development\";\n"],"names":["VERSION"],"mappings":";;;;MAAaA,OAAO,GAAG;;;;"}`