Add setup Go

Turn off fast fail for debugging
2026-05-11 00:00:30 +00:00 · 2022-11-15 20:25:05 +00:00 · 2022-11-15 19:44:08 +00:00
255 changed files with 17779 additions and 7492 deletions
@@ -1,4 +1,5 @@
 **/webpack.config.js
 lib/**
+runner/dist/**
 src/testdata/**
 tests/**
@@ -42,8 +42,6 @@ runs:
        packs: ${{ inputs.packs }}
        tools: ${{ inputs.tools }}
        db-location: ${{ runner.temp }}/codescanning-config-cli-test
-      env:
-        CODEQL_ACTION_TEST_MODE: 'true'

    - name: Install dependencies
      shell: bash
@@ -1,17 +1,20 @@
 version: 2
 updates:
-  - package-ecosystem: npm
+  - package-ecosystem: "npm"
    directory: "/"
    schedule:
-      interval: weekly
+      interval: "weekly"
+      day: "thursday" # Gives us a working day to merge this before our typical release
    labels:
-      - Update dependencies
+      - "Update dependencies"
    ignore:
      - dependency-name: "*"
-        update-types:
-          - version-update:semver-minor
-          - version-update:semver-patch
-  - package-ecosystem: github-actions
-    directory: "/"
+        update-types: ["version-update:semver-minor", "version-update:semver-patch"]
+  - package-ecosystem: "npm"
+    directory: "/runner"
    schedule:
-      interval: weekly
+      interval: "weekly"
+      day: "thursday" # Gives us a working day to merge this before our typical release
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-minor", "version-update:semver-patch"]
@@ -35,14 +35,14 @@ runs:
        tools: ${{ inputs.tools }}
        db-location: ${{ runner.temp }}/query-filter-test
      env:
-        CODEQL_ACTION_TEST_MODE: "true"
+        TEST_MODE: "true"
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: false
      env:
-        CODEQL_ACTION_TEST_MODE: "true"
+        TEST_MODE: "true"
    - name: Check SARIF
      uses: ./../action/.github/check-sarif
      with:
@@ -1,32 +0,0 @@
-name: "Set up Swift"
-description: Performs necessary steps to set up appropriate Swift version.
-inputs:
-  codeql-path:
-    required: true
-runs:
-  using: "composite"
-  steps:
-    - name: Get Swift version
-      id: get_swift_version
-      # We don't support Swift on Windows or prior versions of CLI.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
-      shell: bash
-      env: 
-        CODEQL_PATH: ${{inputs.codeql-path}}
-      run: |
-        if [ $RUNNER_OS = "macOS" ]; then
-          PLATFORM="osx64"
-        else # We do not run this step on Windows.
-          PLATFORM="linux64"
-        fi 
-        SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
-        VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/$PLATFORM/extractor" --version | awk '/version/ { print $3 }')"
-        # Specify 5.7.0, otherwise setup Action will default to latest minor version. 
-        if [ $VERSION = "5.7" ]; then
-          VERSION="5.7.0"
-        fi
-        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
-    - uses: swift-actions/setup-swift@194625b58a582570f61cc707c3b558086c26b723
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
-      with:
-        swift-version: "${{steps.get_swift_version.outputs.version}}"
@@ -5,7 +5,7 @@ import json
 import os
 import subprocess

-EMPTY_CHANGELOG = """# CodeQL Action Changelog
+EMPTY_CHANGELOG = """# CodeQL Action and CodeQL Runner Changelog

 ## [UNRELEASED]

@@ -7,7 +7,6 @@ name: "PR Check - Analyze: 'ref' and 'sha' from inputs"
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -73,17 +72,14 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
-      with:
-        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
        languages: cpp,csharp,java,javascript,python
        config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
          github.sha }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -91,5 +87,7 @@ jobs:
      with:
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+      env:
+        TEST_MODE: true
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - autobuild-action
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -47,6 +46,8 @@ jobs:
      with:
        languages: csharp
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/autobuild
      env:
      # Explicitly disable the CLR tracer.
@@ -57,6 +58,8 @@ jobs:
        CORECLR_PROFILER: ''
        CORECLR_PROFILER_PATH_64: ''
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    - name: Check database
      shell: bash
      run: |
@@ -66,4 +69,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Export file baseline information
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -44,15 +43,12 @@ jobs:
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
-      id: init
      with:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
      env:
        CODEQL_FILE_BASELINE_INFORMATION: true
-    - uses: ./../action/.github/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -61,6 +57,7 @@ jobs:
        output: ${{ runner.temp }}/results
      env:
        CODEQL_FILE_BASELINE_INFORMATION: true
+        TEST_MODE: true
    - name: Upload SARIF
      uses: actions/upload-artifact@v3
      with:
@@ -71,7 +68,7 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="cpp cs go java js py rb swift"
+        expected_baseline_languages="cpp csharp go java js py ruby"

        for lang in ${expected_baseline_languages}; do
          rule_name="${lang}/baseline/expected-extracted-files"
@@ -85,5 +82,4 @@ jobs:
          fi
        done
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA.
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Extractor ram and threads options test
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -44,6 +43,8 @@ jobs:
        languages: java
        ram: 230
        threads: 1
+      env:
+        TEST_MODE: true
    - name: Assert Results
      shell: bash
      run: |
@@ -64,4 +65,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Go: Custom queries'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -73,9 +72,7 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
@@ -83,10 +80,14 @@ jobs:
        languages: go
        config-file: ./.github/codeql/custom-queries.yml
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Go: tracing with autobuilder step'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,17 +60,19 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/autobuild
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    - shell: bash
      run: |
        if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
@@ -86,4 +87,4 @@ jobs:
        fi
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Go: tracing with custom build steps'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,19 +60,21 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: go build main.go
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    - shell: bash
      run: |
        # Once we start running Bash 4.2 in all environments, we can replace the
@@ -90,4 +91,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Go: tracing with legacy workflow'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,16 +60,18 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    - shell: bash
      run: |
        cd "$RUNNER_TEMP/codeql_databases"
@@ -80,4 +81,4 @@ jobs:
        fi
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Packaging: Download using registries'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -55,6 +54,8 @@ jobs:
            packages: "*/*"
            token: "${{ secrets.GITHUB_TOKEN }}"

+      env:
+        TEST_MODE: true
    - name: Verify packages installed
      shell: bash
      run: |
@@ -77,4 +78,4 @@ jobs:
            exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Custom source root
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -53,6 +52,8 @@ jobs:
        languages: javascript
        source-root: ../new-source-root
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/analyze
      with:
        skip-queries: true
@@ -66,4 +67,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - ML-powered queries
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,22 +60,21 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
-      with:
-        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: javascript
        queries: security-extended
        source-root: ./../action/tests/ml-powered-queries-repo
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true

    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
+      env:
+        TEST_MODE: true

    - name: Upload SARIF
      uses: actions/upload-artifact@v3
@@ -88,7 +86,8 @@ jobs:
    - name: Check sarif
      uses: ./../action/.github/check-sarif
    # Running on Windows requires CodeQL CLI 2.9.0+.
-      if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
+      if: "!(matrix.version == 'stable-20220120' && (matrix.os == 'windows-latest'\
+        \ || matrix.os == 'windows-2019'))"
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
@@ -98,7 +97,7 @@ jobs:
      env:
      # Running on Windows requires CodeQL CLI 2.9.0+.
        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' &&
-          runner.os == 'Windows') }}
+          (matrix.os == 'windows-latest' || matrix.os == 'windows-2019')) }}
      shell: bash
      run: |
        echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}"
@@ -133,4 +132,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Multi-language repository
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,30 +60,20 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
-      with:
-        go-version: ^1.13.1
    - uses: ./../action/init
-      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - uses: ./../action/.github/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
-
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
-
    - uses: ./../action/analyze
      id: analysis
-
-    - name: Check language autodetect for all languages excluding Ruby, Swift
-      shell: bash
+      env:
+        TEST_MODE: true
+    - shell: bash
      run: |
        CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
        if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
@@ -116,28 +105,5 @@ jobs:
          echo "Did not create a database for Python, or created it in the wrong location."
          exit 1
        fi
-
-    - name: Check language autodetect for Ruby
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
-      shell: bash
-      run: |
-        RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
-        if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Ruby, or created it in the wrong location."
-          exit 1
-        fi
-
-    - name: Check language autodetect for Swift
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
-      shell: bash
-      run: |
-        SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
-        if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Swift, or created it in the wrong location."
-          exit 1
-        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Packaging: Config and input passed to the CLI'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,12 +60,16 @@ jobs:
        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+      env:
+        TEST_MODE: true

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -92,4 +95,4 @@ jobs:
    env:
      CODEQL_PASS_CONFIG_TO_CLI: true

-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Packaging: Config and input'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,12 +60,16 @@ jobs:
        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+      env:
+        TEST_MODE: true

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -90,4 +93,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Packaging: Config file'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -60,12 +59,16 @@ jobs:
        config-file: .github/codeql/codeql-config-packaging.yml
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+      env:
+        TEST_MODE: true

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -89,4 +92,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: 'PR Check - Packaging: Action input'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -61,12 +60,16 @@ jobs:
        languages: javascript
        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+      env:
+        TEST_MODE: true

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -90,4 +93,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Remote config file
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -73,20 +72,19 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
-      with:
-        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
        languages: cpp,csharp,java,javascript,python
        config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
          github.sha }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - RuboCop multi-language
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -59,5 +58,7 @@ jobs:
    - uses: ./../action/upload-sarif
      with:
        sarif_file: rubocop.sarif
+      env:
+        TEST_MODE: true
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -0,0 +1,70 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Ruby analysis using autodetect
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  ruby-autodetect:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+    name: Ruby analysis using autodetect
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
+    - uses: ./../action/analyze
+      id: analysis
+      env:
+        TEST_MODE: true
+    - name: Check database
+      shell: bash
+      run: |
+        RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
+        if [[ ! -d "$RUBY_DB" ]]; then
+          echo "Did not create a database for Ruby."
+          exit 1
+        fi
+    env:
+      CODEQL_ENABLE_EXPERIMENTAL_FEATURES: 'true'
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Ruby analysis
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -53,8 +52,12 @@ jobs:
      with:
        languages: ruby
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/analyze
      id: analysis
+      env:
+        TEST_MODE: true
    - name: Check database
      shell: bash
      run: |
@@ -64,4 +67,5 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      CODEQL_ENABLE_EXPERIMENTAL_FEATURES: 'true'
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Split workflow
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -55,6 +54,8 @@ jobs:
        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -62,6 +63,8 @@ jobs:
      with:
        skip-queries: true
        output: ${{ runner.temp }}/results
+      env:
+        TEST_MODE: true

    - name: Assert No Results
      shell: bash
@@ -74,6 +77,8 @@ jobs:
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
+      env:
+        TEST_MODE: true
    - name: Assert Results
      shell: bash
      run: |
@@ -89,4 +94,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -1,73 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
-# to regenerate this file.
-
-name: PR Check - Submit SARIF after failure
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v1
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  submit-sarif-failure:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: cached
-        - os: ubuntu-latest
-          version: nightly-latest
-    name: Submit SARIF after failure
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: ${{ matrix.version }}
-    - uses: actions/checkout@v3
-    - uses: ./init
-      with:
-        languages: javascript
-    - name: Fail
-    # We want this job to pass if the Action correctly uploads the SARIF file for
-    # the failed run.
-    # Setting this step to continue on error means that it is marked as completing
-    # successfully, so will not fail the job.
-      continue-on-error: true
-      run: exit 1
-    - uses: ./analyze
-    # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
-    # above, we manually disable it with an `if` condition.
-      if: false
-      with:
-        category: /test-codeql-version:${{ matrix.version }}
-    env:
-  # Internal-only environment variable used to indicate that the post-init Action
-  # should expect to upload a SARIF file for the failed run.
-      CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
-  # Make sure the uploading SARIF files feature is enabled.
-      CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
-  # Upload the failed SARIF file as an integration test of the API endpoint.
-      CODEQL_ACTION_TEST_MODE: false
-  # Mark telemetry for this workflow so it can be treated separately.
-      CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks
-
@@ -7,7 +7,6 @@ name: PR Check - Swift analysis using autobuild
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -44,19 +43,16 @@ jobs:
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
-      id: init
      with:
        languages: swift
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
-    - name: Check working directory
-      shell: bash
-      run: pwd
+      env:
+        TEST_MODE: true
    - uses: ./../action/autobuild
    - uses: ./../action/analyze
      id: analysis
+      env:
+        TEST_MODE: true
    - name: Check database
      shell: bash
      run: |
@@ -66,5 +62,5 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
-      CODEQL_ACTION_TEST_MODE: true
+      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true'
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Swift analysis using a custom build command
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -50,21 +49,18 @@ jobs:
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
-      id: init
      with:
        languages: swift
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
-    - name: Check working directory
-      shell: bash
-      run: pwd
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      id: analysis
+      env:
+        TEST_MODE: true
    - name: Check database
      shell: bash
      run: |
@@ -74,6 +70,6 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
+      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true'
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Autobuild working directory
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -50,10 +49,14 @@ jobs:
      with:
        languages: java
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/autobuild
      with:
        working-directory: autobuild-dir
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    - name: Check database
      shell: bash
      run: |
@@ -63,4 +66,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Local CodeQL bundle
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -48,9 +47,13 @@ jobs:
    - uses: ./../action/init
      with:
        tools: ./codeql-bundle.tar.gz
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Proxy test
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -43,10 +42,14 @@ jobs:
      with:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
    env:
      https_proxy: http://squid-proxy:3128
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
    container:
      image: ubuntu:22.04
      options: --dns 127.0.0.1
@@ -7,13 +7,13 @@ name: PR Check - Test unsetting environment variables
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v1
    - releases/v2
+    - henrymercer/require-cli-2.6.3-debugging
  pull_request:
    types:
    - opened
@@ -24,6 +24,7 @@ on:
 jobs:
  unset-environment:
    strategy:
+      fail-fast: false
      matrix:
        include:
        - os: ubuntu-20.04
@@ -49,23 +50,22 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+    - uses: actions/setup-go@v3
      with:
-        go-version: ^1.13.1
+        go-version: "^1.13.1"
    - uses: ./../action/init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
-    # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
-    # workaround for our PR checks.
-      run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME"
-        ./build.sh
+      run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
    - uses: ./../action/analyze
      id: analysis
+      env:
+        TEST_MODE: true
    - shell: bash
      run: |
        CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
@@ -105,4 +105,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -73,17 +72,14 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
-      with:
-        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
        languages: cpp,csharp,java,javascript,python
        config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
          github.sha }}
+      env:
+        TEST_MODE: true
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -92,9 +88,13 @@ jobs:
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
        upload: false
+      env:
+        TEST_MODE: true
    - uses: ./../action/upload-sarif
      with:
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+      env:
+        TEST_MODE: true
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -7,7 +7,6 @@ name: PR Check - Use a custom `checkout_path`
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -73,11 +72,6 @@ jobs:
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
-      with:
-        go-version: ^1.13.1
    - uses: actions/checkout@v3
      with:
        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
@@ -89,6 +83,8 @@ jobs:
        languages: csharp,javascript
        source-path: x/y/z/some-path/tests/multi-language-repo
        debug: true
+      env:
+        TEST_MODE: true
    - name: Build code (non-windows)
      shell: bash
      if: ${{ runner.os != 'Windows' }}
@@ -105,12 +101,16 @@ jobs:
        ref: v1.1.0
        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
        upload: false
+      env:
+        TEST_MODE: true

    - uses: ./../action/upload-sarif
      with:
        ref: v1.1.0
        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
        checkout_path: x/y/z/some-path/tests/multi-language-repo
+      env:
+        TEST_MODE: true

    - name: Verify SARIF after upload
      shell: bash
@@ -141,4 +141,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ACTION_TEST_MODE: true
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -8,12 +8,6 @@ on:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
-  schedule:
-    # Weekly on Sunday.
-    - cron: '30 1 * * 0'
-
-env:
-  CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks

 jobs:
  # Identify the CodeQL tool versions to use in the analysis job.
@@ -57,7 +51,7 @@ jobs:
        # be the same as `tools: null`. This allows us to make the job for each of the bundles a
        # required status check.
        #
-        # If we're running on push or schedule, then we can skip running with `tools: latest` when it would be
+        # If we're running on push, then we can skip running with `tools: latest` when it would be
        # the same as running with `tools: null`.
        if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
          VERSIONS_JSON='[null]'
@@ -81,10 +75,8 @@ jobs:
      security-events: write

    steps:
-    - name: Checkout
-      uses: actions/checkout@v3
-    - name: Initialize CodeQL
-      uses: ./init
+    - uses: actions/checkout@v3
+    - uses: ./init
      id: init
      with:
        languages: javascript
@@ -93,5 +85,4 @@ jobs:
    # confirm steps.init.outputs.codeql-path points to the codeql binary
    - name: Print CodeQL Version
      run: ${{steps.init.outputs.codeql-path}} version --format=json
-    - name: Perform CodeQL Analysis
-      uses: ./analyze
+    - uses: ./analyze
@@ -2,9 +2,6 @@
 # when the analyze step fails.
 name: PR Check - Debug artifacts after failure
 env:
-  # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
-  # workaround for our PR checks.
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: true
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
@@ -26,8 +23,6 @@ jobs:
        os: [ubuntu-latest, macos-latest]
    name: Upload debug artifacts after failure in analyze
    continue-on-error: true
-    env:
-      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
@@ -49,6 +44,8 @@ jobs:
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
+        env:
+          TEST_MODE: true
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -57,6 +54,8 @@ jobs:
        with:
          expect-error: true
          ram: 1
+        env:
+          TEST_MODE: true
  download-and-check-artifacts:
    name: Download and check debug artifacts after failure in analyze
    needs: upload-artifacts
@@ -92,3 +91,4 @@ jobs:
          done
        env:
          GO111MODULE: auto
+          INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -1,9 +1,6 @@
 # Checks logs, SARIF, and database bundle debug artifacts exist.
 name: PR Check - Debug artifact upload
 env:
-  # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
-  # workaround for our PR checks.
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: true
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
@@ -48,8 +45,6 @@ jobs:
        - os: macos-latest
          version: nightly-latest
    name: Upload debug artifacts
-    env:
-      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
@@ -69,11 +64,15 @@ jobs:
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
+        env:
+          TEST_MODE: true
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis  
+        env:
+          TEST_MODE: true
  download-and-check-artifacts:
    name: Download and check debug artifacts
    needs: upload-artifacts
@@ -118,3 +117,4 @@ jobs:
          done
        env:
          GO111MODULE: auto
+          INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
@@ -17,8 +17,6 @@ on:
 jobs:
  expected-queries:
    name: Expected Queries Tests
-    env:
-      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
@@ -33,11 +31,15 @@ jobs:
      with:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: false
+      env:
+        TEST_MODE: true

    - name: Check Sarif
      uses: ./../action/.github/check-sarif
@@ -88,7 +88,7 @@ jobs:
          fi

      - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v3
        with:
          python-version: 3.8

@@ -28,7 +28,17 @@ jobs:
        matrix:
          os: [ubuntu-20.04, ubuntu-22.04, macos-latest]
          python_deps_type: [pipenv, poetry, requirements, setup_py]
-          python_version: [3]
+          python_version: [2, 3]
+          exclude:
+            # Python2 and poetry are not supported. See https://github.com/actions/setup-python/issues/374
+            - python_version: 2
+              python_deps_type: poetry
+            # Python2 and pipenv are not supported since pipenv v2021.11.5
+            - python_version: 2
+              python_deps_type: pipenv
+            # Python2 is not available on ubuntu-22.04 by default -- see https://github.com/github/codeql-action/pull/1257
+            - python_version: 2
+              os: ubuntu-22.04


    env:
@@ -128,10 +138,16 @@ jobs:
        fail-fast: false
        matrix:
          python_deps_type: [pipenv, poetry, requirements, setup_py]
-          python_version: [3]
+          python_version: [2, 3]
+          exclude:
+            # Python2 and poetry are not supported. See https://github.com/actions/setup-python/issues/374
+            - python_version: 2
+              python_deps_type: poetry
+            # Python2 and pipenv are not supported since pipenv v2021.11.5
+            - python_version: 2
+              python_deps_type: pipenv

    env:
-      CODEQL_ACTION_TEST_MODE: true
      PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
      PYTHON_VERSION: ${{ matrix.python_version }}

@@ -139,7 +155,7 @@ jobs:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
    - uses: actions/checkout@v3

-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v3
      with:
        python-version: ${{ matrix.python_version }}

@@ -149,6 +165,8 @@ jobs:
        tools: latest
        languages: python
        setup-python-dependencies: false
+      env:
+        TEST_MODE: true

    - name: Test Auto Package Installation
      run: |
@@ -0,0 +1,412 @@
+name: CodeQL Runner Checks
+
+on:
+  push:
+    branches: [main, releases/v1, releases/v2]
+  pull_request:
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
+  workflow_dispatch:
+
+jobs:
+  runner-analyze-javascript-ubuntu:
+    name: Runner ubuntu JS analyze
+
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          # Pass --config-file here, but not for other jobs in this workflow.
+          # This means we're testing the config file parsing in the runner
+          # but not slowing down all jobs unnecessarily as it doesn't add much
+          # testing the parsing on different operating systems and languages.
+          runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Run analyze
+        run: |
+          runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-javascript-windows:
+    name: Runner windows JS analyze
+    timeout-minutes: 45
+    runs-on: windows-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Run analyze
+        run: |
+          runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-javascript-macos:
+    name: Runner macos JS analyze
+    timeout-minutes: 45
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Run analyze
+        run: |
+          runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-ubuntu:
+    name: Runner ubuntu C# analyze
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-windows:
+    name: Runner windows C# analyze
+
+    # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
+    # `windows-latest`.
+    timeout-minutes: 45
+    runs-on: windows-2019
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: powershell
+        run: |
+          cat ./codeql-runner/codeql-env.sh | Invoke-Expression
+          & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
+
+      - name: Upload tracer logs
+        uses: actions/upload-artifact@v3
+        with:
+          name: tracer-logs
+          path: ./codeql-runner/compound-build-tracer.log
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-macos:
+    name: Runner macos C# analyze
+    timeout-minutes: 45
+
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: bash
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-ubuntu:
+    name: Runner ubuntu autobuild C# analyze
+    timeout-minutes: 45
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        run: |
+          ../action/runner/dist/codeql-runner-linux autobuild
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-windows:
+    timeout-minutes: 45
+    name: Runner windows autobuild C# analyze
+
+    # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
+    # `windows-latest`.
+    runs-on: windows-2019
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: powershell
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe autobuild
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-macos:
+    name: Runner macos autobuild C# analyze
+
+    runs-on: macos-latest
+    timeout-minutes: 45
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: bash
+        run: |
+          . codeql-runner/codeql-env.sh
+          CODEQL_RUNNER="$(cat codeql-runner/codeql-env.json | jq -r '.CODEQL_RUNNER')"
+          echo "$CODEQL_RUNNER"
+          $CODEQL_RUNNER ../action/runner/dist/codeql-runner-macos autobuild
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-upload-sarif:
+    name: Runner upload sarif
+
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Upload with runner
+        run: |
+          # Deliberately don't use TEST_MODE here. This is specifically testing
+          # the compatibility with the API.
+          runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+  runner-extractor-ram-threads-options:
+    name: Runner ubuntu extractor RAM and threads options
+
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Assert Results
+        shell: bash
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          if [ "${CODEQL_RAM}" != "230" ]; then
+            echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_THREADS}" != "1" ]; then
+            echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
+            exit 1
+          fi
@@ -10,7 +10,7 @@ fi

 if [ "$#" -eq 1 ]; then
  # If we were passed an argument, use that as the SHA
-  GITHUB_SHA="$1"
+  GITHUB_SHA="$0"
 elif [ "$#" -gt 1 ]; then
  echo "Usage: $0 [SHA]"
  echo "Update the required checks based on the SHA, or main."
@@ -23,7 +23,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"

 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"

 echo "$CHECKS" | jq

@@ -29,7 +29,7 @@ jobs:
        fetch-depth: 0

    - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v3
      with:
        python-version: 3.8

@@ -13,7 +13,7 @@ jobs:

    steps:
      - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v3
        with:
          python-version: "3.7"
      - name: Checkout CodeQL Action
@@ -35,7 +35,7 @@ jobs:
        env:
          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
      - name: Commit Changes
-        uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
+        uses: peter-evans/create-pull-request@c7f493a8000b8aeb17a1332e326ba76b57cb83eb # v3.4.1
        with:
          commit-message: Update supported GitHub Enterprise Server versions.
          title: Update supported GitHub Enterprise Server versions.
@@ -1,2 +1,4 @@
+/runner/dist/
+/runner/node_modules/
 # Ignore for example failing-tests.json from AVA
 node_modules/.cache
@@ -1 +0,0 @@
-lockfile-version=3
@@ -2,36 +2,13 @@

 ## [UNRELEASED]

- Update default CodeQL bundle version to 2.12.0. [#1466](https://github.com/github/codeql-action/pull/1466)
-
-## 2.1.37 - 14 Dec 2022
-
- Update default CodeQL bundle version to 2.11.6. [#1433](https://github.com/github/codeql-action/pull/1433)
-
-## 2.1.36 - 08 Dec 2022
-
- Update default CodeQL bundle version to 2.11.5. [#1412](https://github.com/github/codeql-action/pull/1412)
- Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. [#1393](https://github.com/github/codeql-action/pull/1393)
- Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify `virtualenvs.in-project = true` in their `poetry.toml`. [#1419](https://github.com/github/codeql-action/pull/1419).
-
-## 2.1.35 - 01 Dec 2022
-
-No user facing changes.
-
-## 2.1.34 - 25 Nov 2022
-
- Update default CodeQL bundle version to 2.11.4. [#1391](https://github.com/github/codeql-action/pull/1391)
- Fixed a bug where some the `init` action and the `analyze` action would have different sets of experimental feature flags enabled. [#1384](https://github.com/github/codeql-action/pull/1384)
-
-## 2.1.33 - 16 Nov 2022
-
 - Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in [CodeQL Action version 2.1.27](#2127---06-oct-2022). [#1322](https://github.com/github/codeql-action/pull/1322)
- Bump the minimum CodeQL bundle version to 2.6.3. [#1358](https://github.com/github/codeql-action/pull/1358)

 ## 2.1.32 - 14 Nov 2022

 - Update default CodeQL bundle version to 2.11.3. [#1348](https://github.com/github/codeql-action/pull/1348)
 - Update the ML-powered additional query pack for JavaScript to version 0.4.0. [#1351](https://github.com/github/codeql-action/pull/1351)
+- Bump the minimum CodeQL bundle version to 2.6.3. [#1358](https://github.com/github/codeql-action/pull/1358)

 ## 2.1.31 - 04 Nov 2022

@@ -38,6 +38,10 @@ To see the effect of your changes and to test them, push your changes in a branc

 As well as the unit tests (see _Common tasks_ above), there are integration tests, defined in `.github/workflows/integration-testing.yml`.  These are run by a CI check.  Depending on the change you’re making, you may want to add a test to this file or extend an existing one.

+### Building the CodeQL runner
+
+Navigate to the `runner` directory and run `npm install` to install dependencies needed only for compiling the CodeQL runner. Run `npm run build-runner` to output files to the `runner/dist` directory.
+
 ## Submitting a pull request

 1. [Fork][fork] and clone the repository
@@ -59,7 +59,7 @@ jobs:
        uses: github/codeql-action/init@v2
        # Override language selection by uncommenting this and choosing your languages
        # with:
-        #   languages: go, javascript, csharp, python, cpp, java, ruby
+        #   languages: go, javascript, csharp, python, cpp, java

      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
      # If this step fails, then you should remove it and run the build manually (see below).
@@ -12,7 +12,6 @@ inputs:
  upload:
    description: Upload the SARIF file to Code Scanning
    required: false
-    # If changing this, make sure to update workflow.ts accordingly.
    default: "true"
  cleanup-level:
    description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
@@ -45,7 +44,6 @@ inputs:
  checkout_path:
    description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
    required: false
-    # If changing this, make sure to update workflow.ts accordingly.
    default: ${{ github.workspace }}
  ref:
    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is not available in pull requests from forks."
@@ -19,24 +19,29 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRunID = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
+const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util_1 = require("./util");
-const workflow_1 = require("./workflow");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
+/**
+ * The utils in this module are meant to be run inside of the action only.
+ * Code paths from the runner should not enter this module.
+ */
 /**
 * Wrapper around core.getInput for inputs that always have a value.
 * Also see getOptionalInput.
 *
- * This allows us to get stronger type checking of required/optional inputs.
+ * This allows us to get stronger type checking of required/optional inputs
+ * and make behaviour more consistent between actions and the runner.
 */
 function getRequiredInput(name) {
    return core.getInput(name, { required: true });
@@ -46,7 +51,8 @@ exports.getRequiredInput = getRequiredInput;
 * Wrapper around core.getInput that converts empty inputs to undefined.
 * Also see getRequiredInput.
 *
- * This allows us to get stronger type checking of required/optional inputs.
+ * This allows us to get stronger type checking of required/optional inputs
+ * and make behaviour more consistent between actions and the runner.
 */
 const getOptionalInput = function (name) {
    const value = core.getInput(name);
@@ -145,6 +151,225 @@ const determineMergeBaseCommitOid = async function () {
    }
 };
 exports.determineMergeBaseCommitOid = determineMergeBaseCommitOid;
+function isObject(o) {
+    return o !== null && typeof o === "object";
+}
+const GLOB_PATTERN = new RegExp("(\\*\\*?)");
+function escapeRegExp(string) {
+    return string.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string
+}
+function patternToRegExp(value) {
+    return new RegExp(`^${value
+        .toString()
+        .split(GLOB_PATTERN)
+        .reduce(function (arr, cur) {
+        if (cur === "**") {
+            arr.push(".*?");
+        }
+        else if (cur === "*") {
+            arr.push("[^/]*?");
+        }
+        else if (cur) {
+            arr.push(escapeRegExp(cur));
+        }
+        return arr;
+    }, [])
+        .join("")}$`);
+}
+// this function should return true if patternA is a superset of patternB
+// e.g: * is a superset of main-* but main-* is not a superset of *.
+function patternIsSuperset(patternA, patternB) {
+    return patternToRegExp(patternA).test(patternB);
+}
+exports.patternIsSuperset = patternIsSuperset;
+function branchesToArray(branches) {
+    if (typeof branches === "string") {
+        return [branches];
+    }
+    if (Array.isArray(branches)) {
+        if (branches.length === 0) {
+            return "**";
+        }
+        return branches;
+    }
+    return "**";
+}
+function toCodedErrors(errors) {
+    return Object.entries(errors).reduce((acc, [key, value]) => {
+        acc[key] = { message: value, code: key };
+        return acc;
+    }, {});
+}
+// code to send back via status report
+// message to add as a warning annotation to the run
+exports.WorkflowErrors = toCodedErrors({
+    MismatchedBranches: `Please make sure that every branch in on.pull_request is also in on.push so that Code Scanning can compare pull requests against the state of the base branch.`,
+    MissingPushHook: `Please specify an on.push hook so that Code Scanning can compare pull requests against the state of the base branch.`,
+    PathsSpecified: `Using on.push.paths can prevent Code Scanning annotating new alerts in your pull requests.`,
+    PathsIgnoreSpecified: `Using on.push.paths-ignore can prevent Code Scanning annotating new alerts in your pull requests.`,
+    CheckoutWrongHead: `git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.`,
+});
+function getWorkflowErrors(doc) {
+    var _a, _b, _c, _d, _e;
+    const errors = [];
+    const jobName = process.env.GITHUB_JOB;
+    if (jobName) {
+        const job = (_a = doc === null || doc === void 0 ? void 0 : doc.jobs) === null || _a === void 0 ? void 0 : _a[jobName];
+        const steps = job === null || job === void 0 ? void 0 : job.steps;
+        if (Array.isArray(steps)) {
+            for (const step of steps) {
+                // this was advice that we used to give in the README
+                // we actually want to run the analysis on the merge commit
+                // to produce results that are more inline with expectations
+                // (i.e: this is what will happen if you merge this PR)
+                // and avoid some race conditions
+                if ((step === null || step === void 0 ? void 0 : step.run) === "git checkout HEAD^2") {
+                    errors.push(exports.WorkflowErrors.CheckoutWrongHead);
+                    break;
+                }
+            }
+        }
+    }
+    let missingPush = false;
+    if (doc.on === undefined) {
+        // this is not a valid config
+    }
+    else if (typeof doc.on === "string") {
+        if (doc.on === "pull_request") {
+            missingPush = true;
+        }
+    }
+    else if (Array.isArray(doc.on)) {
+        const hasPush = doc.on.includes("push");
+        const hasPullRequest = doc.on.includes("pull_request");
+        if (hasPullRequest && !hasPush) {
+            missingPush = true;
+        }
+    }
+    else if (isObject(doc.on)) {
+        const hasPush = Object.prototype.hasOwnProperty.call(doc.on, "push");
+        const hasPullRequest = Object.prototype.hasOwnProperty.call(doc.on, "pull_request");
+        if (!hasPush && hasPullRequest) {
+            missingPush = true;
+        }
+        if (hasPush && hasPullRequest) {
+            const paths = (_b = doc.on.push) === null || _b === void 0 ? void 0 : _b.paths;
+            // if you specify paths or paths-ignore you can end up with commits that have no baseline
+            // if they didn't change any files
+            // currently we cannot go back through the history and find the most recent baseline
+            if (Array.isArray(paths) && paths.length > 0) {
+                errors.push(exports.WorkflowErrors.PathsSpecified);
+            }
+            const pathsIgnore = (_c = doc.on.push) === null || _c === void 0 ? void 0 : _c["paths-ignore"];
+            if (Array.isArray(pathsIgnore) && pathsIgnore.length > 0) {
+                errors.push(exports.WorkflowErrors.PathsIgnoreSpecified);
+            }
+        }
+        // if doc.on.pull_request is null that means 'all branches'
+        // if doc.on.pull_request is undefined that means 'off'
+        // we only want to check for mismatched branches if pull_request is on.
+        if (doc.on.pull_request !== undefined) {
+            const push = branchesToArray((_d = doc.on.push) === null || _d === void 0 ? void 0 : _d.branches);
+            if (push !== "**") {
+                const pull_request = branchesToArray((_e = doc.on.pull_request) === null || _e === void 0 ? void 0 : _e.branches);
+                if (pull_request !== "**") {
+                    const difference = pull_request.filter((value) => !push.some((o) => patternIsSuperset(o, value)));
+                    if (difference.length > 0) {
+                        // there are branches in pull_request that may not have a baseline
+                        // because we are not building them on push
+                        errors.push(exports.WorkflowErrors.MismatchedBranches);
+                    }
+                }
+                else if (push.length > 0) {
+                    // push is set up to run on a subset of branches
+                    // and you could open a PR against a branch with no baseline
+                    errors.push(exports.WorkflowErrors.MismatchedBranches);
+                }
+            }
+        }
+    }
+    if (missingPush) {
+        errors.push(exports.WorkflowErrors.MissingPushHook);
+    }
+    return errors;
+}
+exports.getWorkflowErrors = getWorkflowErrors;
+async function validateWorkflow() {
+    let workflow;
+    try {
+        workflow = await getWorkflow();
+    }
+    catch (e) {
+        return `error: getWorkflow() failed: ${String(e)}`;
+    }
+    let workflowErrors;
+    try {
+        workflowErrors = getWorkflowErrors(workflow);
+    }
+    catch (e) {
+        return `error: getWorkflowErrors() failed: ${String(e)}`;
+    }
+    if (workflowErrors.length > 0) {
+        let message;
+        try {
+            message = formatWorkflowErrors(workflowErrors);
+        }
+        catch (e) {
+            return `error: formatWorkflowErrors() failed: ${String(e)}`;
+        }
+        core.warning(message);
+    }
+    return formatWorkflowCause(workflowErrors);
+}
+exports.validateWorkflow = validateWorkflow;
+function formatWorkflowErrors(errors) {
+    const issuesWere = errors.length === 1 ? "issue was" : "issues were";
+    const errorsList = errors.map((e) => e.message).join(" ");
+    return `${errors.length} ${issuesWere} detected with this workflow: ${errorsList}`;
+}
+exports.formatWorkflowErrors = formatWorkflowErrors;
+function formatWorkflowCause(errors) {
+    if (errors.length === 0) {
+        return undefined;
+    }
+    return errors.map((e) => e.code).join(",");
+}
+exports.formatWorkflowCause = formatWorkflowCause;
+async function getWorkflow() {
+    const relativePath = await getWorkflowPath();
+    const absolutePath = path.join((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), relativePath);
+    return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
+}
+exports.getWorkflow = getWorkflow;
+/**
+ * Get the path of the currently executing workflow.
+ */
+async function getWorkflowPath() {
+    const repo_nwo = (0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY").split("/");
+    const owner = repo_nwo[0];
+    const repo = repo_nwo[1];
+    const run_id = Number((0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID"));
+    const apiClient = api.getActionsApiClient();
+    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id?exclude_pull_requests=true", {
+        owner,
+        repo,
+        run_id,
+    });
+    const workflowUrl = runsResponse.data.workflow_url;
+    const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);
+    return workflowResponse.data.path;
+}
+/**
+ * Get the workflow run ID.
+ */
+function getWorkflowRunID() {
+    const workflowRunID = parseInt((0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID"), 10);
+    if (Number.isNaN(workflowRunID)) {
+        throw new Error("GITHUB_RUN_ID must define a non NaN workflow run ID");
+    }
+    return workflowRunID;
+}
+exports.getWorkflowRunID = getWorkflowRunID;
 /**
 * Get the analysis key parameter for the current job.
 *
@@ -158,7 +383,7 @@ async function getAnalysisKey() {
    if (analysisKey !== undefined) {
        return analysisKey;
    }
-    const workflowPath = await (0, workflow_1.getWorkflowPath)();
+    const workflowPath = await getWorkflowPath();
    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
    analysisKey = `${workflowPath}:${jobName}`;
    core.exportVariable(analysisKeyEnvVar, analysisKey);
@@ -173,10 +398,10 @@ async function getAutomationID() {
 exports.getAutomationID = getAutomationID;
 function computeAutomationID(analysis_key, environment) {
    let automationID = `${analysis_key}/`;
-    const matrix = (0, util_1.parseMatrixInput)(environment);
-    if (matrix !== undefined) {
-        // the id has to be deterministic so we sort the fields
-        for (const entry of Object.entries(matrix).sort()) {
+    // the id has to be deterministic so we sort the fields
+    if (environment !== undefined && environment !== "null") {
+        const environmentObject = JSON.parse(environment);
+        for (const entry of Object.entries(environmentObject).sort()) {
            if (typeof entry[1] === "string") {
                automationID += `${entry[0]}:${entry[1]}/`;
            }
@@ -207,7 +432,7 @@ async function getRef() {
    if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
        throw new Error("Both 'ref' and 'sha' are required if one of them is provided.");
    }
-    const ref = refInput || getRefFromEnv();
+    const ref = refInput || (0, util_1.getRequiredEnvParam)("GITHUB_REF");
    const sha = shaInput || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
    // If the ref is a user-provided input, we have to skip logic
    // and assume that it is really where they want to upload the results.
@@ -240,26 +465,6 @@ async function getRef() {
    }
 }
 exports.getRef = getRef;
-function getRefFromEnv() {
-    // To workaround a limitation of Actions dynamic workflows not setting
-    // the GITHUB_REF in some cases, we accept also the ref within the
-    // CODE_SCANNING_REF variable. When possible, however, we prefer to use
-    // the GITHUB_REF as that is a protected variable and cannot be overwritten.
-    let refEnv;
-    try {
-        refEnv = (0, util_1.getRequiredEnvParam)("GITHUB_REF");
-    }
-    catch (e) {
-        // If the GITHUB_REF is not set, we try to rescue by getting the
-        // CODE_SCANNING_REF.
-        const maybeRef = process.env["CODE_SCANNING_REF"];
-        if (maybeRef === undefined || maybeRef.length === 0) {
-            throw e;
-        }
-        refEnv = maybeRef;
-    }
-    return refEnv;
-}
 function getActionsStatus(error, otherFailureCause) {
    if (error || otherFailureCause) {
        return error instanceof util_1.UserError ? "user-error" : "failure";
@@ -374,7 +579,7 @@ async function sendStatusReport(statusReport) {
    }
    const nwo = (0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY");
    const [owner, repo] = nwo.split("/");
-    const client = api.getApiClient();
+    const client = api.getActionsApiClient();
    try {
        await client.request("PUT /repos/:owner/:repo/code-scanning/analysis/status", {
            owner,
@@ -25,10 +25,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
+const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
 const actionsutil = __importStar(require("./actions-util"));
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
+function errorCodes(actual, expected) {
+    return [actual.map(({ code }) => code), expected.map(({ code }) => code)];
+}
 (0, testing_utils_1.setupTests)(ava_1.default);
 (0, ava_1.default)("getRef() throws on the empty string", async (t) => {
    process.env["GITHUB_REF"] = "";
@@ -94,30 +98,6 @@ const util_1 = require("./util");
        getAdditionalInputStub.restore();
    });
 });
-(0, ava_1.default)("getRef() returns CODE_SCANNING_REF as a fallback for GITHUB_REF", async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const expectedRef = "refs/pull/1/HEAD";
-        const currentSha = "a".repeat(40);
-        process.env["CODE_SCANNING_REF"] = expectedRef;
-        process.env["GITHUB_REF"] = "";
-        process.env["GITHUB_SHA"] = currentSha;
-        const actualRef = await actionsutil.getRef();
-        t.deepEqual(actualRef, expectedRef);
-    });
-});
-(0, ava_1.default)("getRef() returns GITHUB_REF over CODE_SCANNING_REF if both are provided", async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const expectedRef = "refs/pull/1/merge";
-        const currentSha = "a".repeat(40);
-        process.env["CODE_SCANNING_REF"] = "refs/pull/1/HEAD";
-        process.env["GITHUB_REF"] = expectedRef;
-        process.env["GITHUB_SHA"] = currentSha;
-        const actualRef = await actionsutil.getRef();
-        t.deepEqual(actualRef, expectedRef);
-    });
-});
 (0, ava_1.default)("getRef() throws an error if only `ref` is provided as an input", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -163,9 +143,340 @@ const util_1 = require("./util");
    actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", undefined);
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/");
 });
+(0, ava_1.default)("getWorkflowErrors() when on is empty", (t) => {
+    const errors = actionsutil.getWorkflowErrors({ on: {} });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is an array missing pull_request", (t) => {
+    const errors = actionsutil.getWorkflowErrors({ on: ["push"] });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is an array missing push", (t) => {
+    const errors = actionsutil.getWorkflowErrors({ on: ["pull_request"] });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.MissingPushHook]));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is valid", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: ["push", "pull_request"],
+    });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is a valid superset", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: ["push", "pull_request", "schedule"],
+    });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push should not have a path", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: {
+            push: { branches: ["main"], paths: ["test/*"] },
+            pull_request: { branches: ["main"] },
+        },
+    });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.PathsSpecified]));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is a correct object", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: { push: { branches: ["main"] }, pull_request: { branches: ["main"] } },
+    });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.pull_requests is a string", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: { push: { branches: ["main"] }, pull_request: { branches: "*" } },
+    });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.MismatchedBranches]));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.pull_requests is a string and correct", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: { push: { branches: "*" }, pull_request: { branches: "*" } },
+    });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is correct with empty objects", (t) => {
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+on:
+  push:
+  pull_request:
+`));
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is mismatched", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: {
+            push: { branches: ["main"] },
+            pull_request: { branches: ["feature"] },
+        },
+    });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.MismatchedBranches]));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is not mismatched", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: {
+            push: { branches: ["main", "feature"] },
+            pull_request: { branches: ["main"] },
+        },
+    });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push is mismatched for pull_request", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: {
+            push: { branches: ["main"] },
+            pull_request: { branches: ["main", "feature"] },
+        },
+    });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.MismatchedBranches]));
+});
+(0, ava_1.default)("getWorkflowErrors() for a range of malformed workflows", (t) => {
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: {
+            push: 1,
+            pull_request: 1,
+        },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: 1,
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: [1],
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: { 1: 1 },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: { test: 1 },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: { test: [1] },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: { test: { steps: 1 } },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: { test: { steps: [{ notrun: "git checkout HEAD^2" }] } },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: 1,
+        jobs: { test: [undefined] },
+    }), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(1), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors({
+        on: {
+            push: {
+                branches: 1,
+            },
+            pull_request: {
+                branches: 1,
+            },
+        },
+    }), []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.pull_request for every branch but push specifies branches", (t) => {
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+`));
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.MismatchedBranches]));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.pull_request for wildcard branches", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: {
+            push: { branches: ["feature/*"] },
+            pull_request: { branches: "feature/moose" },
+        },
+    });
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.pull_request for mismatched wildcard branches", (t) => {
+    const errors = actionsutil.getWorkflowErrors({
+        on: {
+            push: { branches: ["feature/moose"] },
+            pull_request: { branches: "feature/*" },
+        },
+    });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.MismatchedBranches]));
+});
+(0, ava_1.default)("getWorkflowErrors() when HEAD^2 is checked out", (t) => {
+    process.env.GITHUB_JOB = "test";
+    const errors = actionsutil.getWorkflowErrors({
+        on: ["push", "pull_request"],
+        jobs: { test: { steps: [{ run: "git checkout HEAD^2" }] } },
+    });
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.CheckoutWrongHead]));
+});
+(0, ava_1.default)("formatWorkflowErrors() when there is one error", (t) => {
+    const message = actionsutil.formatWorkflowErrors([
+        actionsutil.WorkflowErrors.CheckoutWrongHead,
+    ]);
+    t.true(message.startsWith("1 issue was detected with this workflow:"));
+});
+(0, ava_1.default)("formatWorkflowErrors() when there are multiple errors", (t) => {
+    const message = actionsutil.formatWorkflowErrors([
+        actionsutil.WorkflowErrors.CheckoutWrongHead,
+        actionsutil.WorkflowErrors.PathsSpecified,
+    ]);
+    t.true(message.startsWith("2 issues were detected with this workflow:"));
+});
+(0, ava_1.default)("formatWorkflowCause() with no errors", (t) => {
+    const message = actionsutil.formatWorkflowCause([]);
+    t.deepEqual(message, undefined);
+});
+(0, ava_1.default)("formatWorkflowCause()", (t) => {
+    const message = actionsutil.formatWorkflowCause([
+        actionsutil.WorkflowErrors.CheckoutWrongHead,
+        actionsutil.WorkflowErrors.PathsSpecified,
+    ]);
+    t.deepEqual(message, "CheckoutWrongHead,PathsSpecified");
+    t.deepEqual(actionsutil.formatWorkflowCause([]), undefined);
+});
+(0, ava_1.default)("patternIsSuperset()", (t) => {
+    t.false(actionsutil.patternIsSuperset("main-*", "main"));
+    t.true(actionsutil.patternIsSuperset("*", "*"));
+    t.true(actionsutil.patternIsSuperset("*", "main-*"));
+    t.false(actionsutil.patternIsSuperset("main-*", "*"));
+    t.false(actionsutil.patternIsSuperset("main-*", "main"));
+    t.true(actionsutil.patternIsSuperset("main", "main"));
+    t.false(actionsutil.patternIsSuperset("*", "feature/*"));
+    t.true(actionsutil.patternIsSuperset("**", "feature/*"));
+    t.false(actionsutil.patternIsSuperset("feature-*", "**"));
+    t.false(actionsutil.patternIsSuperset("a/**/c", "a/**/d"));
+    t.false(actionsutil.patternIsSuperset("a/**/c", "a/**"));
+    t.true(actionsutil.patternIsSuperset("a/**", "a/**/c"));
+    t.true(actionsutil.patternIsSuperset("a/**/c", "a/main-**/c"));
+    t.false(actionsutil.patternIsSuperset("a/**/b/**/c", "a/**/d/**/c"));
+    t.true(actionsutil.patternIsSuperset("a/**/b/**/c", "a/**/b/c/**/c"));
+    t.true(actionsutil.patternIsSuperset("a/**/b/**/c", "a/**/b/d/**/c"));
+    t.false(actionsutil.patternIsSuperset("a/**/c/d/**/c", "a/**/b/**/c"));
+    t.false(actionsutil.patternIsSuperset("a/main-**/c", "a/**/c"));
+    t.true(actionsutil.patternIsSuperset("/robin/*/release/*", "/robin/moose/release/goose"));
+    t.false(actionsutil.patternIsSuperset("/robin/moose/release/goose", "/robin/*/release/*"));
+});
+(0, ava_1.default)("getWorkflowErrors() when branches contain dots", (t) => {
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+  on:
+    push:
+      branches: [4.1, master]
+    pull_request:
+      # The branches below must be a subset of the branches above
+      branches: [4.1, master]
+`));
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on.push has a trailing comma", (t) => {
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on:
+  push:
+    branches: [master, ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+`));
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() should only report the current job's CheckoutWrongHead", (t) => {
+    process.env.GITHUB_JOB = "test";
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+jobs:
+  test:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test2:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test3:
+    steps: []
+`));
+    t.deepEqual(...errorCodes(errors, [actionsutil.WorkflowErrors.CheckoutWrongHead]));
+});
+(0, ava_1.default)("getWorkflowErrors() should not report a different job's CheckoutWrongHead", (t) => {
+    process.env.GITHUB_JOB = "test3";
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on:
+  push:
+    branches: [master]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+jobs:
+  test:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test2:
+    steps:
+      - run: "git checkout HEAD^2"
+
+  test3:
+    steps: []
+`));
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() when on is missing", (t) => {
+    const errors = actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+`));
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() with a different on setup", (t) => {
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on: "workflow_dispatch"
+`)), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on: [workflow_dispatch]
+`)), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on:
+  workflow_dispatch: {}
+`)), []));
+});
+(0, ava_1.default)("getWorkflowErrors() should not report an error if PRs are totally unconfigured", (t) => {
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on:
+  push:
+    branches: [master]
+`)), []));
+    t.deepEqual(...errorCodes(actionsutil.getWorkflowErrors(yaml.load(`
+name: "CodeQL"
+on: ["push"]
+`)), []));
+});
 (0, ava_1.default)("initializeEnvironment", (t) => {
-    (0, util_1.initializeEnvironment)("1.2.3");
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, "1.2.3");
+    t.deepEqual((0, util_1.getMode)(), util_1.Mode.actions);
    t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
+    (0, util_1.initializeEnvironment)(util_1.Mode.runner, "4.5.6");
+    t.deepEqual((0, util_1.getMode)(), util_1.Mode.runner);
+    t.deepEqual(process.env.CODEQL_ACTION_VERSION, "4.5.6");
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
@@ -45,7 +45,6 @@ const util = __importStar(require("./util"));
            .stub(actionsUtil, "createStatusReportBase")
            .resolves({});
        sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
-        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
        };
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -61,7 +61,6 @@ const util = __importStar(require("./util"));
        optionalInputStub.withArgs("cleanup-level").returns("none");
        optionalInputStub.withArgs("expect-error").returns("false");
        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
-        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
        process.env["CODEQL_THREADS"] = "1";
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -39,7 +39,6 @@ const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
-const shared_environment_1 = require("./shared-environment");
 const trap_caching_1 = require("./trap-caching");
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
@@ -104,8 +103,6 @@ function doesGoExtractionOutputExist(config) {
 * - We detect whether an autobuild step is present by checking the
 * `util.DID_AUTOBUILD_GO_ENV_VAR_NAME` environment variable, which is set
 * when the autobuilder is invoked.
- * - We detect whether the Go database has already been finalized in case it
- * has been manually set in a prior Action step.
 * - We approximate whether manual build steps are present by looking at
 * whether any extraction output already exists for Go.
 */
@@ -117,10 +114,6 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
        logger.debug("Won't run Go autobuild since it has already been run.");
        return;
    }
-    if ((0, analyze_1.dbIsFinalized)(config, languages_1.Language.go, logger)) {
-        logger.debug("Won't run Go autobuild since there is already a finalized database for Go.");
-        return;
-    }
    // This captures whether a user has added manual build steps for Go
    if (doesGoExtractionOutputExist(config)) {
        logger.debug("Won't run Go autobuild since at least one file of Go code has already been extracted.");
@@ -141,7 +134,7 @@ async function run() {
    let trapCacheUploadTime = undefined;
    let dbCreationTimings = undefined;
    let didUploadTrapCaches = false;
-    util.initializeEnvironment(pkg.version);
+    util.initializeEnvironment(util.Mode.actions, pkg.version);
    await util.checkActionVersion(pkg.version);
    const logger = (0, logging_1.getActionsLogger)();
    try {
@@ -155,14 +148,14 @@ async function run() {
        if (hasBadExpectErrorInput()) {
            throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
        }
-        await util.enrichEnvironment(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
+        await util.enrichEnvironment(util.Mode.actions, await (0, codeql_1.getCodeQL)(config.codeQLCmd));
        const apiDetails = (0, api_client_1.getApiDetails)();
        const outputDir = actionsUtil.getRequiredInput("output");
        const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
        const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"]);
        const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
-        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
+        const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
+        const features = new feature_flags_1.Features(gitHubVersion, apiDetails, repositoryNwo, logger);
        await runAutobuildIfLegacyGoWorkflow(config, logger);
        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger);
        if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
@@ -177,7 +170,7 @@ async function run() {
        }
        core.setOutput("db-locations", dbLocations);
        if (runStats && actionsUtil.getRequiredInput("upload") === "true") {
-            uploadResult = await upload_lib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
+            uploadResult = await upload_lib.uploadFromActions(outputDir, config.gitHubVersion, apiDetails, logger);
            core.setOutput("sarif-id", uploadResult.sarifID);
        }
        else {
@@ -196,13 +189,12 @@ async function run() {
        }
        else if (uploadResult !== undefined &&
            actionsUtil.getRequiredInput("wait-for-processing") === "true") {
-            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, (0, logging_1.getActionsLogger)());
+            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
        }
        // If we did not throw an error yet here, but we expect one, throw it.
        if (actionsUtil.getOptionalInput("expect-error") === "true") {
            core.setFailed(`expect-error input was set to true but no error was thrown.`);
        }
-        core.exportVariable(shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
    }
    catch (origError) {
        const error = origError instanceof Error ? origError : new Error(String(origError));
@@ -210,6 +202,7 @@ async function run() {
            hasBadExpectErrorInput()) {
            core.setFailed(error.message);
        }
+        console.log(error);
        if (error instanceof analyze_1.CodeQLAnalysisError) {
            const stats = { ...error.queriesStatusReport };
            await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
@@ -239,6 +232,7 @@ async function runWrapper() {
    }
    catch (error) {
        core.setFailed(`analyze action failed: ${error}`);
+        console.log(error);
    }
    await (0, util_1.checkForTimeout)();
 }
@@ -159,7 +159,6 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                logger.info(analysisSummary);
            }
            else {
-                // config was generated by the action, so must be interpreted by the action.
                logger.startGroup(`Running queries for ${language}`);
                const querySuitePaths = [];
                if (queries["builtin"].length > 0) {
@@ -208,7 +207,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
    return statusReport;
    async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, featureEnablement);
    }
    async function runPrintLinesOfCode(language) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
@@ -22,7 +22,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getGitHubVersion = exports.getApiClientWithExternalAuth = exports.getApiClient = exports.getApiDetails = exports.DisallowedAPIVersionReason = void 0;
+exports.getGitHubVersionActionsOnly = exports.getActionsApiClient = exports.getApiDetails = exports.getApiClient = exports.DisallowedAPIVersionReason = void 0;
+const path = __importStar(require("path"));
 const githubUtils = __importStar(require("@actions/github/lib/utils"));
 const retry = __importStar(require("@octokit/plugin-retry"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
@@ -36,14 +37,28 @@ var DisallowedAPIVersionReason;
    DisallowedAPIVersionReason[DisallowedAPIVersionReason["ACTION_TOO_OLD"] = 0] = "ACTION_TOO_OLD";
    DisallowedAPIVersionReason[DisallowedAPIVersionReason["ACTION_TOO_NEW"] = 1] = "ACTION_TOO_NEW";
 })(DisallowedAPIVersionReason = exports.DisallowedAPIVersionReason || (exports.DisallowedAPIVersionReason = {}));
-function createApiClientWithDetails(apiDetails, { allowExternal = false } = {}) {
+const getApiClient = function (apiDetails, { allowExternal = false } = {}) {
    const auth = (allowExternal && apiDetails.externalRepoAuth) || apiDetails.auth;
    const retryingOctokit = githubUtils.GitHub.plugin(retry.retry);
+    const apiURL = apiDetails.apiURL || deriveApiUrl(apiDetails.url);
    return new retryingOctokit(githubUtils.getOctokitOptions(auth, {
-        baseUrl: apiDetails.apiURL,
-        userAgent: `CodeQL-Action/${pkg.version}`,
+        baseUrl: apiURL,
+        userAgent: `CodeQL-${(0, util_1.getMode)()}/${pkg.version}`,
        log: (0, console_log_level_1.default)({ level: "debug" }),
    }));
+};
+exports.getApiClient = getApiClient;
+// Once the runner is deleted, this can also be removed since the GitHub API URL is always available in an environment variable on Actions.
+function deriveApiUrl(githubUrl) {
+    const url = new URL(githubUrl);
+    // If we detect this is trying to connect to github.com
+    // then return with a fixed canonical URL.
+    if (url.hostname === "github.com" || url.hostname === "api.github.com") {
+        return "https://api.github.com";
+    }
+    // Add the /api/v3 API prefix
+    url.pathname = path.join(url.pathname, "api", "v3");
+    return url.toString();
 }
 function getApiDetails() {
    return {
@@ -53,27 +68,30 @@ function getApiDetails() {
    };
 }
 exports.getApiDetails = getApiDetails;
-function getApiClient() {
-    return createApiClientWithDetails(getApiDetails());
+// Temporary function to aid in the transition to running on and off of github actions.
+// Once all code has been converted this function should be removed or made canonical
+// and called only from the action entrypoints.
+function getActionsApiClient() {
+    return (0, exports.getApiClient)(getApiDetails());
 }
-exports.getApiClient = getApiClient;
-function getApiClientWithExternalAuth(apiDetails) {
-    return createApiClientWithDetails(apiDetails, { allowExternal: true });
-}
-exports.getApiClientWithExternalAuth = getApiClientWithExternalAuth;
+exports.getActionsApiClient = getActionsApiClient;
 let cachedGitHubVersion = undefined;
 /**
 * Report the GitHub server version. This is a wrapper around
 * util.getGitHubVersion() that automatically supplies GitHub API details using
- * GitHub Action inputs.
+ * GitHub Action inputs. If you need to get the GitHub server version from the
+ * Runner, please call util.getGitHubVersion() instead.
 *
 * @returns GitHub version
 */
-async function getGitHubVersion() {
+async function getGitHubVersionActionsOnly() {
+    if (!util.isActions()) {
+        throw new Error("getGitHubVersionActionsOnly() works only in an action");
+    }
    if (cachedGitHubVersion === undefined) {
        cachedGitHubVersion = await util.getGitHubVersion(getApiDetails());
    }
    return cachedGitHubVersion;
 }
-exports.getGitHubVersion = getGitHubVersion;
+exports.getGitHubVersionActionsOnly = getGitHubVersionActionsOnly;
 //# sourceMappingURL=api-client.js.map
@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAkD;AAClD,6CAA+B;AAC/B,iCAA4D;AAE5D,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,GAA1B,kCAA0B,KAA1B,kCAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;QACzC,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAE/D;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,mBAAmB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,CAAC;KACpE;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AALD,4CAKC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAkD;AAClD,6CAA+B;AAC/B,iCAAqE;AAErE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,GAA1B,kCAA0B,KAA1B,kCAA0B,QAGrC;AAiBM,MAAM,YAAY,GAAG,UAC1B,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjE,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,UAAU,IAAA,cAAO,GAAE,IAAI,GAAG,CAAC,OAAO,EAAE;QAC/C,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC,CAAC;AAfW,QAAA,YAAY,gBAevB;AAEF,2IAA2I;AAC3I,SAAS,YAAY,CAAC,SAAiB;IACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,uDAAuD;IACvD,0CAA0C;IAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;QACtE,OAAO,wBAAwB,CAAC;KACjC;IAED,6BAA6B;IAC7B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,uFAAuF;AACvF,qFAAqF;AACrF,+CAA+C;AAC/C,SAAgB,mBAAmB;IACjC,OAAO,IAAA,oBAAY,EAAC,aAAa,EAAE,CAAC,CAAC;AACvC,CAAC;AAFD,kDAEC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAE/D;;;;;;;GAOG;AACI,KAAK,UAAU,2BAA2B;IAC/C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE;QACrB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;KAC1E;IACD,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,mBAAmB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,CAAC;KACpE;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,kEAQC"}
@@ -25,10 +25,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const githubUtils = __importStar(require("@actions/github/lib/utils"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
-const actionsUtil = __importStar(require("./actions-util"));
 const api_client_1 = require("./api-client");
 const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
+const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -38,23 +37,66 @@ ava_1.default.beforeEach(() => {
    pluginStub = sinon.stub(githubUtils.GitHub, "plugin");
    githubStub = sinon.stub();
    pluginStub.returns(githubStub);
-    util.initializeEnvironment(pkg.version);
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
 });
-(0, ava_1.default)("getApiClient", async (t) => {
-    sinon.stub(actionsUtil, "getRequiredInput").withArgs("token").returns("xyz");
-    const requiredEnvParamStub = sinon.stub(util, "getRequiredEnvParam");
-    requiredEnvParamStub
-        .withArgs("GITHUB_SERVER_URL")
-        .returns("http://github.localhost");
-    requiredEnvParamStub
-        .withArgs("GITHUB_API_URL")
-        .returns("http://api.github.localhost");
-    (0, api_client_1.getApiClient)();
-    t.assert(githubStub.calledOnceWithExactly({
+(0, ava_1.default)("Get the client API", async (t) => {
+    doTest(t, {
+        auth: "xyz",
+        externalRepoAuth: "abc",
+        url: "http://hucairz",
+    }, undefined, {
+        auth: "token xyz",
+        baseUrl: "http://hucairz/api/v3",
+        userAgent: `CodeQL-Action/${pkg.version}`,
+    });
+});
+(0, ava_1.default)("Get the client API external", async (t) => {
+    doTest(t, {
+        auth: "xyz",
+        externalRepoAuth: "abc",
+        url: "http://hucairz",
+    }, { allowExternal: true }, {
+        auth: "token abc",
+        baseUrl: "http://hucairz/api/v3",
+        userAgent: `CodeQL-Action/${pkg.version}`,
+    });
+});
+(0, ava_1.default)("Get the client API external not present", async (t) => {
+    doTest(t, {
+        auth: "xyz",
+        url: "http://hucairz",
+    }, { allowExternal: true }, {
+        auth: "token xyz",
+        baseUrl: "http://hucairz/api/v3",
+        userAgent: `CodeQL-Action/${pkg.version}`,
+    });
+});
+(0, ava_1.default)("Get the client API with github url", async (t) => {
+    doTest(t, {
+        auth: "xyz",
+        url: "https://github.com/some/invalid/url",
+    }, undefined, {
+        auth: "token xyz",
+        baseUrl: "https://api.github.com",
+        userAgent: `CodeQL-Action/${pkg.version}`,
+    });
+});
+(0, ava_1.default)("Get the API with an API URL directly", async (t) => {
+    doTest(t, {
+        auth: "xyz",
+        url: "http://github.localhost",
+        apiURL: "http://api.github.localhost",
+    }, undefined, {
        auth: "token xyz",
        baseUrl: "http://api.github.localhost",
-        log: sinon.match.any,
        userAgent: `CodeQL-Action/${pkg.version}`,
-    }));
+    });
 });
+function doTest(t, clientArgs, clientOptions, expected) {
+    (0, api_client_1.getApiClient)(clientArgs, clientOptions);
+    const firstCallArgs = githubStub.args[0];
+    // log is a function, so we don't need to test for equality of it
+    delete firstCallArgs[0].log;
+    t.deepEqual(firstCallArgs, [expected]);
+}
 //# sourceMappingURL=api-client.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uEAAyD;AACzD,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,6CAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAI,UAA2B,CAAC;AAChC,IAAI,UAA2B,CAAC;AAEhC,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACtD,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1B,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC/B,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAC1C,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/B,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACrE,oBAAoB;SACjB,QAAQ,CAAC,mBAAmB,CAAC;SAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACtC,oBAAoB;SACjB,QAAQ,CAAC,gBAAgB,CAAC;SAC1B,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAE1C,IAAA,yBAAY,GAAE,CAAC;IAEf,CAAC,CAAC,MAAM,CACN,UAAU,CAAC,qBAAqB,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG;QACpB,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CAAC,CACH,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uEAAyD;AACzD,8CAA6C;AAC7C,6CAA+B;AAE/B,6CAA4C;AAC5C,mDAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAI,UAA2B,CAAC;AAChC,IAAI,UAA2B,CAAC;AAEhC,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACtD,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1B,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC/B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrC,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,KAAK;QACvB,GAAG,EAAE,gBAAgB;KACtB,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,KAAK;QACvB,GAAG,EAAE,gBAAgB;KACtB,EACD,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,gBAAgB;KACtB,EACD,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oCAAoC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrD,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,qCAAqC;KAC3C,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,wBAAwB;QACjC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sCAAsC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvD,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,6BAA6B;KACtC,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,MAAM,CACb,CAA4B,EAC5B,UAAe,EACf,aAAkB,EAClB,QAAa;IAEb,IAAA,yBAAY,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAExC,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzC,iEAAiE;IACjE,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC5B,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AACzC,CAAC"}
@@ -1 +1 @@
-{ "maximumVersion": "3.8", "minimumVersion": "3.3" }
+{ "maximumVersion": "3.7", "minimumVersion": "3.3" }
@@ -30,7 +30,7 @@ const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguage, cause) {
-    (0, util_1.initializeEnvironment)(pkg.version);
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
    const status = (0, actions_util_1.getActionsStatus)(cause, failingLanguage);
    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("autobuild", status, startedAt, cause === null || cause === void 0 ? void 0 : cause.message, cause === null || cause === void 0 ? void 0 : cause.stack);
    const statusReport = {
@@ -50,8 +50,8 @@ async function run() {
        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("autobuild", "starting", startedAt)))) {
            return;
        }
-        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger, util_1.Mode.actions);
        const config = await configUtils.getConfig((0, actions_util_1.getTemporaryDirectory)(), logger);
        if (config === undefined) {
            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,iCAKgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAEnC,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,oCAA6B,EAAE,MAAM,CAAC,CAAC;iBAC5D;aACF;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,EAAE,EACf,eAAe,EACf,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,6CAA2D;AAC3D,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,iCAMgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAC1D,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,EAAE,WAAI,CAAC,OAAO,CAAC,CAAC;QAE/D,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,oCAA6B,EAAE,MAAM,CAAC,CAAC;iBAC5D;aACF;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,EAAE,EACf,eAAe,EACf,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
@@ -18,19 +18,30 @@ var __importStar = (this && this.__importStar) || function (mod) {
    __setModuleDefault(result, mod);
    return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CODEQL_VERSION_CONFIG_FILES = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
+const toolcache = __importStar(require("@actions/tool-cache"));
+const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
 const yaml = __importStar(require("js-yaml"));
+const query_string_1 = __importDefault(require("query-string"));
+const semver = __importStar(require("semver"));
+const uuid_1 = require("uuid");
 const actions_util_1 = require("./actions-util");
+const api = __importStar(require("./api-client"));
+const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
 const error_matcher_1 = require("./error-matcher");
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
-const setupCodeql = __importStar(require("./setup-codeql"));
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
 const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 class CommandInvocationError extends Error {
    constructor(cmd, args, exitCode, error, output) {
        super(`Failure invoking ${cmd} with arguments ${args}.\n
@@ -45,6 +56,8 @@ exports.CommandInvocationError = CommandInvocationError;
 * Can be overridden in tests using `setCodeQL`.
 */
 let cachedCodeQL = undefined;
+const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
+exports.CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
 /**
 * The oldest version of CodeQL that the Action will run with. This should be
 * at least three minor versions behind the current version and must include the
@@ -61,9 +74,9 @@ const CODEQL_MINIMUM_VERSION = "2.6.3";
 */
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
+exports.CODEQL_VERSION_CONFIG_FILES = "2.10.1";
 const CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED = "2.10.4";
 exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = "2.10.4";
-const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
 /**
 * This variable controls using the new style of tracing from the CodeQL
 * CLI. In particular, with versions above this we will use both indirect
@@ -90,23 +103,205 @@ exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = "2.9.0";
 * --extractor-options-verbosity that we need.
 */
 exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
+function getCodeQLBundleName() {
+    let platform;
+    if (process.platform === "win32") {
+        platform = "win64";
+    }
+    else if (process.platform === "linux") {
+        platform = "linux64";
+    }
+    else if (process.platform === "darwin") {
+        platform = "osx64";
+    }
+    else {
+        return "codeql-bundle.tar.gz";
+    }
+    return `codeql-bundle-${platform}.tar.gz`;
+}
+function getCodeQLActionRepository(logger) {
+    if (!util.isActions()) {
+        return exports.CODEQL_DEFAULT_ACTION_REPOSITORY;
+    }
+    else {
+        return getActionsCodeQLActionRepository(logger);
+    }
+}
+exports.getCodeQLActionRepository = getCodeQLActionRepository;
+function getActionsCodeQLActionRepository(logger) {
+    if (process.env["GITHUB_ACTION_REPOSITORY"] !== undefined) {
+        return process.env["GITHUB_ACTION_REPOSITORY"];
+    }
+    // The Actions Runner used with GitHub Enterprise Server 2.22 did not set the GITHUB_ACTION_REPOSITORY variable.
+    // This fallback logic can be removed after the end-of-support for 2.22 on 2021-09-23.
+    if ((0, actions_util_1.isRunningLocalAction)()) {
+        // This handles the case where the Action does not come from an Action repository,
+        // e.g. our integration tests which use the Action code from the current checkout.
+        logger.info("The CodeQL Action is checked out locally. Using the default CodeQL Action repository.");
+        return exports.CODEQL_DEFAULT_ACTION_REPOSITORY;
+    }
+    logger.info("GITHUB_ACTION_REPOSITORY environment variable was not set. Falling back to legacy method of finding the GitHub Action.");
+    const relativeScriptPathParts = (0, actions_util_1.getRelativeScriptPath)().split(path.sep);
+    return `${relativeScriptPathParts[0]}/${relativeScriptPathParts[1]}`;
+}
+async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
+    const codeQLActionRepository = getCodeQLActionRepository(logger);
+    const potentialDownloadSources = [
+        // This GitHub instance, and this Action.
+        [apiDetails.url, codeQLActionRepository],
+        // This GitHub instance, and the canonical Action.
+        [apiDetails.url, exports.CODEQL_DEFAULT_ACTION_REPOSITORY],
+        // GitHub.com, and the canonical Action.
+        [util.GITHUB_DOTCOM_URL, exports.CODEQL_DEFAULT_ACTION_REPOSITORY],
+    ];
+    // We now filter out any duplicates.
+    // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork.
+    const uniqueDownloadSources = potentialDownloadSources.filter((source, index, self) => {
+        return !self.slice(0, index).some((other) => (0, fast_deep_equal_1.default)(source, other));
+    });
+    const codeQLBundleName = getCodeQLBundleName();
+    if (variant === util.GitHubVariant.GHAE) {
+        try {
+            const release = await api
+                .getApiClient(apiDetails)
+                .request("GET /enterprise/code-scanning/codeql-bundle/find/{tag}", {
+                tag: CODEQL_BUNDLE_VERSION,
+            });
+            const assetID = release.data.assets[codeQLBundleName];
+            if (assetID !== undefined) {
+                const download = await api
+                    .getApiClient(apiDetails)
+                    .request("GET /enterprise/code-scanning/codeql-bundle/download/{asset_id}", { asset_id: assetID });
+                const downloadURL = download.data.url;
+                logger.info(`Found CodeQL bundle at GitHub AE endpoint with URL ${downloadURL}.`);
+                return downloadURL;
+            }
+            else {
+                logger.info(`Attempted to fetch bundle from GitHub AE endpoint but the bundle ${codeQLBundleName} was not found in the assets ${JSON.stringify(release.data.assets)}.`);
+            }
+        }
+        catch (e) {
+            logger.info(`Attempted to fetch bundle from GitHub AE endpoint but got error ${e}.`);
+        }
+    }
+    for (const downloadSource of uniqueDownloadSources) {
+        const [apiURL, repository] = downloadSource;
+        // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
+        if (apiURL === util.GITHUB_DOTCOM_URL &&
+            repository === exports.CODEQL_DEFAULT_ACTION_REPOSITORY) {
+            break;
+        }
+        const [repositoryOwner, repositoryName] = repository.split("/");
+        try {
+            const release = await api.getApiClient(apiDetails).repos.getReleaseByTag({
+                owner: repositoryOwner,
+                repo: repositoryName,
+                tag: CODEQL_BUNDLE_VERSION,
+            });
+            for (const asset of release.data.assets) {
+                if (asset.name === codeQLBundleName) {
+                    logger.info(`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`);
+                    return asset.url;
+                }
+            }
+        }
+        catch (e) {
+            logger.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`);
+        }
+    }
+    return `https://github.com/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
+}
 /**
 * Set up CodeQL CLI access.
 *
- * @param toolsInput
+ * @param codeqlURL
 * @param apiDetails
 * @param tempDir
 * @param variant
- * @param bypassToolcache
- * @param defaultCliVersion
+ * @param features
 * @param logger
 * @param checkVersion Whether to check that CodeQL CLI meets the minimum
 *        version requirement. Must be set to true outside tests.
 * @returns a { CodeQL, toolsVersion } object.
 */
-async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger, checkVersion) {
+async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, features, logger, checkVersion) {
    try {
-        const { codeqlFolder, toolsVersion } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, bypassToolcache, defaultCliVersion, logger);
+        const forceLatestReason = 
+        // We use the special value of 'latest' to prioritize the version in the
+        // defaults over any pinned cached version.
+        codeqlURL === "latest"
+            ? '"tools: latest" was requested'
+            : // If the user hasn't requested a particular CodeQL version, then bypass
+                // the toolcache when the appropriate feature is enabled. This
+                // allows us to quickly rollback a broken bundle that has made its way
+                // into the toolcache.
+                codeqlURL === undefined &&
+                    (await features.getValue(feature_flags_1.Feature.BypassToolcacheEnabled))
+                    ? "a specific version of CodeQL was not requested and the bypass toolcache feature is enabled"
+                    : undefined;
+        const forceLatest = forceLatestReason !== undefined;
+        if (forceLatest) {
+            logger.debug(`Forcing the latest version of the CodeQL tools since ${forceLatestReason}.`);
+            codeqlURL = undefined;
+        }
+        let codeqlFolder;
+        let codeqlURLVersion;
+        if (codeqlURL && !codeqlURL.startsWith("http")) {
+            codeqlFolder = await toolcache.extractTar(codeqlURL);
+            codeqlURLVersion = "local";
+        }
+        else {
+            codeqlURLVersion = getCodeQLURLVersion(codeqlURL || `/${CODEQL_BUNDLE_VERSION}/`);
+            const codeqlURLSemVer = convertToSemVer(codeqlURLVersion, logger);
+            // If we find the specified version, we always use that.
+            codeqlFolder = toolcache.find("CodeQL", codeqlURLSemVer);
+            // If we don't find the requested version, in some cases we may allow a
+            // different version to save download time if the version hasn't been
+            // specified explicitly (in which case we always honor it).
+            if (!codeqlFolder && !codeqlURL && !forceLatest) {
+                const codeqlVersions = toolcache.findAllVersions("CodeQL");
+                if (codeqlVersions.length === 1 && (0, util_1.isGoodVersion)(codeqlVersions[0])) {
+                    const tmpCodeqlFolder = toolcache.find("CodeQL", codeqlVersions[0]);
+                    if (fs.existsSync(path.join(tmpCodeqlFolder, "pinned-version"))) {
+                        logger.debug(`CodeQL in cache overriding the default ${CODEQL_BUNDLE_VERSION}`);
+                        codeqlFolder = tmpCodeqlFolder;
+                        codeqlURLVersion = codeqlVersions[0];
+                    }
+                }
+            }
+            if (codeqlFolder) {
+                logger.debug(`CodeQL found in cache ${codeqlFolder}`);
+            }
+            else {
+                if (!codeqlURL) {
+                    codeqlURL = await getCodeQLBundleDownloadURL(apiDetails, variant, logger);
+                }
+                const parsedCodeQLURL = new URL(codeqlURL);
+                const parsedQueryString = query_string_1.default.parse(parsedCodeQLURL.search);
+                const headers = {
+                    accept: "application/octet-stream",
+                };
+                // We only want to provide an authorization header if we are downloading
+                // from the same GitHub instance the Action is running on.
+                // This avoids leaking Enterprise tokens to dotcom.
+                // We also don't want to send an authorization header if there's already a token provided in the URL.
+                if (codeqlURL.startsWith(`${apiDetails.url}/`) &&
+                    parsedQueryString["token"] === undefined) {
+                    logger.debug("Downloading CodeQL bundle with token.");
+                    headers.authorization = `token ${apiDetails.auth}`;
+                }
+                else {
+                    logger.debug("Downloading CodeQL bundle without token.");
+                }
+                logger.info(`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`);
+                const dest = path.join(tempDir, (0, uuid_1.v4)());
+                const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
+                const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, undefined, finalHeaders);
+                logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
+                const codeqlExtracted = await toolcache.extractTar(codeqlPath);
+                codeqlFolder = await toolcache.cacheDir(codeqlExtracted, "CodeQL", codeqlURLSemVer);
+            }
+        }
        let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
        if (process.platform === "win32") {
            codeqlCmd += ".exe";
@@ -115,7 +310,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, bypassToolc
            throw new Error(`Unsupported platform: ${process.platform}`);
        }
        cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
-        return { codeql: cachedCodeQL, toolsVersion };
+        return { codeql: cachedCodeQL, toolsVersion: codeqlURLVersion };
    }
    catch (e) {
        logger.error(e instanceof Error ? e : new Error(String(e)));
@@ -123,6 +318,26 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, bypassToolc
    }
 }
 exports.setupCodeQL = setupCodeQL;
+function getCodeQLURLVersion(url) {
+    const match = url.match(/\/codeql-bundle-(.*)\//);
+    if (match === null || match.length < 2) {
+        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
+    }
+    return match[1];
+}
+exports.getCodeQLURLVersion = getCodeQLURLVersion;
+function convertToSemVer(version, logger) {
+    if (!semver.valid(version)) {
+        logger.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
+        version = `0.0.0-${version}`;
+    }
+    const s = semver.clean(version);
+    if (!s) {
+        throw new Error(`Bundle version ${version} is not in SemVer format.`);
+    }
+    return s;
+}
+exports.convertToSemVer = convertToSemVer;
 /**
 * Use the CodeQL executable located at the given path.
 */
@@ -171,7 +386,6 @@ function setCodeQL(partialCodeql) {
        databaseRunQueries: resolveFunction(partialCodeql, "databaseRunQueries"),
        databaseInterpretResults: resolveFunction(partialCodeql, "databaseInterpretResults"),
        databasePrintBaseline: resolveFunction(partialCodeql, "databasePrintBaseline"),
-        diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
    };
    return cachedCodeQL;
 }
@@ -290,12 +504,20 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...getExtraOptionsFromEnv(["database", "init"]),
            ]);
        },
-        async databaseInitCluster(config, sourceRoot, processName, featureEnablement) {
+        async databaseInitCluster(config, sourceRoot, processName, processLevel, featureEnablement) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
            if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
                extraArgs.push("--begin-tracing");
                extraArgs.push(...(await (0, trap_caching_1.getTrapCachingExtractorConfigArgs)(config)));
-                extraArgs.push(`--trace-process-name=${processName}`);
+                if (processName !== undefined) {
+                    extraArgs.push(`--trace-process-name=${processName}`);
+                }
+                else {
+                    // We default to 3 if no other arguments are provided since this was the default
+                    // behavior of the Runner. Note this path never happens in the CodeQL Action
+                    // because that always passes in a process name.
+                    extraArgs.push(`--trace-process-level=${processLevel || 3}`);
+                }
                if (
                // There's a bug in Lua tracing for Go on Windows in versions earlier than
                // `CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED`, so don't use Lua tracing
@@ -308,16 +530,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                    extraArgs.push("--no-internal-use-lua-tracing");
                }
            }
-            // A config file is only generated if the CliConfigFileEnabled feature flag is enabled.
            const configLocation = await generateCodeScanningConfig(codeql, config, featureEnablement);
-            // Only pass external repository token if a config file is going to be parsed by the CLI.
-            let externalRepositoryToken;
            if (configLocation) {
                extraArgs.push(`--codescanning-config=${configLocation}`);
-                externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
-                if (externalRepositoryToken) {
-                    extraArgs.push("--external-repository-token-stdin");
-                }
            }
            await runTool(cmd, [
                "database",
@@ -327,7 +542,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                `--source-root=${sourceRoot}`,
                ...extraArgs,
                ...getExtraOptionsFromEnv(["database", "init"]),
-            ], { stdin: externalRepositoryToken });
+            ]);
        },
        async runAutobuild(language) {
            const cmdName = process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh";
@@ -474,9 +689,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (querySuitePath) {
                codeqlArgs.push(querySuitePath);
            }
-            await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
+            await runTool(cmd, codeqlArgs);
        },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, featureEnablement) {
            const codeqlArgs = [
                "database",
                "interpret-results",
@@ -495,7 +710,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (automationDetailsId !== undefined) {
                codeqlArgs.push("--sarif-category", automationDetailsId);
            }
-            if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
+            if (await featureEnablement.getValue(feature_flags_1.Feature.FileBaselineInformationEnabled, this)) {
                codeqlArgs.push("--sarif-add-baseline-file-info");
            }
            codeqlArgs.push(databasePath);
@@ -503,8 +718,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                codeqlArgs.push(...querySuitePaths);
            }
            // capture stdout, which contains analysis summaries
-            const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
-            return returnState.stdout;
+            return await runTool(cmd, codeqlArgs);
        },
        async databasePrintBaseline(databasePath) {
            const codeqlArgs = [
@@ -580,19 +794,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            ];
            await new toolrunner.ToolRunner(cmd, args).exec();
        },
-        async diagnosticsExport(sarifFile, automationDetailsId) {
-            const args = [
-                "diagnostics",
-                "export",
-                "--format=sarif-latest",
-                `--output=${sarifFile}`,
-                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
-            ];
-            if (automationDetailsId !== undefined) {
-                args.push("--sarif-category", automationDetailsId);
-            }
-            await new toolrunner.ToolRunner(cmd, args).exec();
-        },
    };
    // To ensure that status reports include the CodeQL CLI version wherever
    // possible, we want to call getVersion(), which populates the version value
@@ -608,7 +809,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
    }
    return codeql;
 }
-exports.getCodeQLForCmd = getCodeQLForCmd;
 /**
 * Gets the options for `path` of `options` as an array of extra option strings.
 */
@@ -663,26 +863,20 @@ exports.getExtraOptions = getExtraOptions;
 *     status reports on GitHub.com.
 */
 const maxErrorSize = 20000;
-async function runTool(cmd, args = [], opts = {}) {
+async function runTool(cmd, args = []) {
    let output = "";
    let error = "";
    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
        listeners: {
            stdout: (data) => {
-                output += data.toString("utf8");
+                output += data.toString();
            },
            stderr: (data) => {
-                let readStartIndex = 0;
-                // If the error is too large, then we only take the last 20,000 characters
-                if (data.length - maxErrorSize > 0) {
-                    // Eg: if we have 20,000 the start index should be 2.
-                    readStartIndex = data.length - maxErrorSize + 1;
-                }
-                error += data.toString("utf8", readStartIndex);
+                const toRead = Math.min(maxErrorSize - error.length, data.length);
+                error += data.toString("utf8", 0, toRead);
            },
        },
        ignoreReturnCode: true,
-        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
    }).exec();
    if (exitCode !== 0)
        throw new CommandInvocationError(cmd, args, exitCode, error, output);
@@ -24,19 +24,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.stubToolRunnerConstructor = void 0;
 const fs = __importStar(require("fs"));
-const path_1 = __importDefault(require("path"));
+const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
-const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 const ava_1 = __importDefault(require("ava"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
 const nock_1 = __importDefault(require("nock"));
 const sinon = __importStar(require("sinon"));
-const actionsUtil = __importStar(require("./actions-util"));
-const api = __importStar(require("./api-client"));
 const codeql = __importStar(require("./codeql"));
-const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
+const defaults = __importStar(require("./defaults.json"));
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
@@ -47,20 +44,18 @@ const util_1 = require("./util");
 const sampleApiDetails = {
    auth: "token",
    url: "https://github.com",
-    apiURL: "https://api.github.com",
+    apiURL: undefined,
+    registriesAuthTokens: undefined,
 };
 const sampleGHAEApiDetails = {
    auth: "token",
    url: "https://example.githubenterprise.com",
-    apiURL: "https://example.githubenterprise.com/api/v3",
-};
-const SAMPLE_DEFAULT_CLI_VERSION = {
-    cliVersion: "2.0.0",
-    variant: util.GitHubVariant.DOTCOM,
+    apiURL: undefined,
+    registriesAuthTokens: undefined,
 };
 let stubConfig;
 ava_1.default.beforeEach(() => {
-    (0, util_1.initializeEnvironment)("1.2.3");
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, "1.2.3");
    stubConfig = {
        languages: [languages_1.Language.cpp],
        queries: {},
@@ -86,13 +81,7 @@ ava_1.default.beforeEach(() => {
        trapCacheDownloadTime: 0,
    };
 });
-/**
- * Mocks the API for downloading the bundle tagged `tagName`.
- *
- * @returns the download URL for the bundle. This can be passed to the tools parameter of
- * `codeql.setupCodeQL`.
- */
-async function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, }) {
+async function mockApiAndSetupCodeQL({ apiDetails, featureEnablement, isPinned, tmpDir, toolsInput, version, }) {
    var _a;
    const platform = process.platform === "win32"
        ? "win64"
@@ -101,148 +90,133 @@ async function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagNam
            : "osx64";
    const baseUrl = (_a = apiDetails === null || apiDetails === void 0 ? void 0 : apiDetails.url) !== null && _a !== void 0 ? _a : "https://example.com";
    const relativeUrl = apiDetails
-        ? `/github/codeql-action/releases/download/${tagName}/codeql-bundle-${platform}.tar.gz`
-        : `/download/${tagName}/codeql-bundle.tar.gz`;
+        ? `/github/codeql-action/releases/download/${version}/codeql-bundle-${platform}.tar.gz`
+        : `/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
    (0, nock_1.default)(baseUrl)
        .get(relativeUrl)
-        .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
-    return `${baseUrl}${relativeUrl}`;
+        .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
+    return await codeql.setupCodeQL(toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`, apiDetails !== null && apiDetails !== void 0 ? apiDetails : sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, featureEnablement !== null && featureEnablement !== void 0 ? featureEnablement : (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
 }
-async function installIntoToolcache({ apiDetails = sampleApiDetails, cliVersion, isPinned, tagName, tmpDir, }) {
-    const url = await mockDownloadApi({ apiDetails, isPinned, tagName });
-    await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, false, cliVersion !== undefined
-        ? { cliVersion, tagName, variant: util.GitHubVariant.GHES }
-        : SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
-}
-(0, ava_1.default)("downloads and caches explicitly requested bundles that aren't in the toolcache", async (t) => {
+(0, ava_1.default)("download codeql bundle cache", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        const versions = ["20200601", "20200610"];
        for (let i = 0; i < versions.length; i++) {
            const version = versions[i];
-            const url = await mockDownloadApi({
-                tagName: `codeql-bundle-${version}`,
-                isPinned: false,
-            });
-            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const codeQLConfig = await mockApiAndSetupCodeQL({ version, tmpDir });
            t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
-            t.is(result.toolsVersion, `0.0.0-${version}`);
+            t.deepEqual(codeQLConfig.toolsVersion, version);
        }
        t.is(toolcache.findAllVersions("CodeQL").length, 2);
    });
 });
-(0, ava_1.default)("downloads an explicitly requested bundle even if a different version is cached", async (t) => {
+(0, ava_1.default)("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await installIntoToolcache({
-            tagName: "codeql-bundle-20200601",
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200601",
            isPinned: true,
            tmpDir,
        });
-        const url = await mockDownloadApi({
-            tagName: "codeql-bundle-20200610",
+        t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const unpinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200610",
+            tmpDir,
        });
-        const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
-        t.deepEqual(result.toolsVersion, "0.0.0-20200610");
+        t.deepEqual(unpinnedCodeQLConfig.toolsVersion, "20200610");
    });
 });
-for (const isCached of [true, false]) {
-    (0, ava_1.default)(`uses default version on Dotcom when default version bundle is ${isCached ? "" : "not "}cached`, async (t) => {
-        await util.withTmpDir(async (tmpDir) => {
-            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            const tagName = `codeql-bundle-20230101`;
-            if (isCached) {
-                await installIntoToolcache({
-                    cliVersion: SAMPLE_DEFAULT_CLI_VERSION.cliVersion,
-                    tagName,
-                    isPinned: true,
-                    tmpDir,
-                });
-            }
-            else {
-                await mockDownloadApi({
-                    tagName,
-                });
-                sinon.stub(api, "getApiClient").value(() => ({
-                    repos: {
-                        listReleases: sinon.stub().resolves(undefined),
-                    },
-                    paginate: sinon.stub().resolves([
-                        {
-                            assets: [
-                                {
-                                    name: "cli-version-2.0.0.txt",
-                                },
-                            ],
-                            tag_name: tagName,
-                        },
-                    ]),
-                }));
-            }
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
-            t.is(result.toolsVersion, SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
-        });
-    });
-}
-for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
-    (0, ava_1.default)(`uses a cached bundle when no tools input is given on ${util.GitHubVariant[variant]}`, async (t) => {
-        await util.withTmpDir(async (tmpDir) => {
-            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            await installIntoToolcache({
-                tagName: "codeql-bundle-20200601",
-                isPinned: true,
-                tmpDir,
-            });
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, false, {
-                cliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-                variant,
-            }, (0, logging_1.getRunnerLogger)(true), false);
-            t.deepEqual(result.toolsVersion, "0.0.0-20200601");
-            const cachedVersions = toolcache.findAllVersions("CodeQL");
-            t.is(cachedVersions.length, 1);
-        });
-    });
-    (0, ava_1.default)(`downloads bundle if only an unpinned version is cached on ${util.GitHubVariant[variant]}`, async (t) => {
-        await util.withTmpDir(async (tmpDir) => {
-            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            await installIntoToolcache({
-                tagName: "codeql-bundle-20200601",
-                isPinned: false,
-                tmpDir,
-            });
-            await mockDownloadApi({
-                tagName: defaults.bundleVersion,
-            });
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, false, {
-                cliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-                variant,
-            }, (0, logging_1.getRunnerLogger)(true), false);
-            t.deepEqual(result.toolsVersion, defaults.cliVersion);
-            const cachedVersions = toolcache.findAllVersions("CodeQL");
-            t.is(cachedVersions.length, 2);
-        });
-    });
-}
-(0, ava_1.default)('downloads bundle if "latest" tools specified but not cached', async (t) => {
+(0, ava_1.default)("don't download codeql bundle cache with pinned different version cached", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await installIntoToolcache({
-            tagName: "codeql-bundle-20200601",
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200601",
            isPinned: true,
            tmpDir,
        });
-        await mockDownloadApi({
-            tagName: defaults.bundleVersion,
+        t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const codeQLConfig = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(codeQLConfig.toolsVersion, "0.0.0-20200601");
+        const cachedVersions = toolcache.findAllVersions("CodeQL");
+        t.is(cachedVersions.length, 1);
+    });
+});
+(0, ava_1.default)("download codeql bundle cache with different version cached (not pinned)", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const cachedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200601",
+            tmpDir,
        });
-        const result = await codeql.setupCodeQL("latest", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
-        t.deepEqual(result.toolsVersion, defaults.cliVersion);
+        t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+        t.deepEqual(cachedCodeQLConfig.toolsVersion, "20200601");
+        const codeQLConfig = await mockApiAndSetupCodeQL({
+            version: defaults.bundleVersion,
+            tmpDir,
+            apiDetails: sampleApiDetails,
+            toolsInput: { input: undefined },
+        });
+        t.deepEqual(codeQLConfig.toolsVersion, defaults.bundleVersion.replace("codeql-bundle-", ""));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 2);
    });
 });
+(0, ava_1.default)('download codeql bundle cache with pinned different version cached if "latest" tools specified', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200601",
+            isPinned: true,
+            tmpDir,
+        });
+        t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const latestCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: defaults.bundleVersion,
+            apiDetails: sampleApiDetails,
+            toolsInput: { input: "latest" },
+            tmpDir,
+        });
+        t.deepEqual(latestCodeQLConfig.toolsVersion, defaults.bundleVersion.replace("codeql-bundle-", ""));
+        const cachedVersions = toolcache.findAllVersions("CodeQL");
+        t.is(cachedVersions.length, 2);
+    });
+});
+const TOOLCACHE_BYPASS_TEST_CASES = [
+    [true, undefined, true],
+    [false, undefined, false],
+    [
+        true,
+        "https://github.com/github/codeql-action/releases/download/codeql-bundle-20200601/codeql-bundle.tar.gz",
+        false,
+    ],
+];
+for (const [isFeatureEnabled, toolsInput, shouldToolcacheBeBypassed,] of TOOLCACHE_BYPASS_TEST_CASES) {
+    (0, ava_1.default)(`download codeql bundle ${shouldToolcacheBeBypassed ? "bypasses" : "does not bypass"} toolcache when feature ${isFeatureEnabled ? "enabled" : "disabled"} and tools: ${toolsInput} passed`, async (t) => {
+        await util.withTmpDir(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            await mockApiAndSetupCodeQL({
+                version: "codeql-bundle-20200601",
+                apiDetails: sampleApiDetails,
+                isPinned: true,
+                tmpDir,
+            });
+            t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+            await mockApiAndSetupCodeQL({
+                version: defaults.bundleVersion,
+                apiDetails: sampleApiDetails,
+                featureEnablement: (0, testing_utils_1.createFeatures)(isFeatureEnabled ? [feature_flags_1.Feature.BypassToolcacheEnabled] : []),
+                toolsInput: { input: toolsInput },
+                tmpDir,
+            });
+            const cachedVersions = toolcache.findAllVersions("CodeQL");
+            t.is(cachedVersions.length, shouldToolcacheBeBypassed ? 2 : 1);
+        });
+    });
+}
 (0, ava_1.default)("download codeql bundle from github ae endpoint", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -265,33 +239,34 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
        });
        (0, nock_1.default)("https://example.githubenterprise.com")
            .get(`/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`)
-            .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-        // This is a workaround to mock `api.getApiDetails()` since it doesn't seem to be possible to
-        // mock this directly. The difficulty is that `getApiDetails()` is called locally in
-        // `api-client.ts`, but `sinon.stub(api, "getApiDetails")` only affects calls to
-        // `getApiDetails()` via an imported `api` module.
-        sinon
-            .stub(actionsUtil, "getRequiredInput")
-            .withArgs("token")
-            .returns(sampleGHAEApiDetails.auth);
-        const requiredEnvParamStub = sinon.stub(util, "getRequiredEnvParam");
-        requiredEnvParamStub
-            .withArgs("GITHUB_SERVER_URL")
-            .returns(sampleGHAEApiDetails.url);
-        requiredEnvParamStub
-            .withArgs("GITHUB_API_URL")
-            .returns(sampleGHAEApiDetails.apiURL);
-        sinon.stub(actionsUtil, "isRunningLocalAction").returns(false);
-        process.env["GITHUB_ACTION_REPOSITORY"] = "github/codeql-action";
-        await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, false, {
-            cliVersion: defaults.cliVersion,
-            tagName: defaults.bundleVersion,
-            variant: util.GitHubVariant.GHAE,
-        }, (0, logging_1.getRunnerLogger)(true), false);
+            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
+        await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 1);
    });
 });
+(0, ava_1.default)("parse codeql bundle url version", (t) => {
+    t.deepEqual(codeql.getCodeQLURLVersion("https://github.com/.../codeql-bundle-20200601/..."), "20200601");
+});
+(0, ava_1.default)("convert to semver", (t) => {
+    const tests = {
+        "20200601": "0.0.0-20200601",
+        "20200601.0": "0.0.0-20200601.0",
+        "20200601.0.0": "20200601.0.0",
+        "1.2.3": "1.2.3",
+        "1.2.3-alpha": "1.2.3-alpha",
+        "1.2.3-beta.1": "1.2.3-beta.1",
+    };
+    for (const [version, expectedVersion] of Object.entries(tests)) {
+        try {
+            const parsedVersion = codeql.convertToSemVer(version, (0, logging_1.getRunnerLogger)(true));
+            t.deepEqual(parsedVersion, expectedVersion);
+        }
+        catch (e) {
+            t.fail(e instanceof Error ? e.message : String(e));
+        }
+    }
+});
 (0, ava_1.default)("getExtraOptions works for explicit paths", (t) => {
    t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);
    t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ["foo"], []), ["42"]);
@@ -314,22 +289,33 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
    t.throws(() => codeql.getExtraOptions({ foo: 87 }, ["foo"], []));
    t.throws(() => codeql.getExtraOptions({ "*": [42], foo: { "*": 87, bar: [99] } }, ["foo", "bar"], []));
 });
+(0, ava_1.default)("getCodeQLActionRepository", (t) => {
+    const logger = (0, logging_1.getRunnerLogger)(true);
+    (0, util_1.initializeEnvironment)(util_1.Mode.runner, "1.2.3");
+    const repoActions = codeql.getCodeQLActionRepository(logger);
+    t.deepEqual(repoActions, "github/codeql-action");
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, "1.2.3");
+    // isRunningLocalAction() === true
+    delete process.env["GITHUB_ACTION_REPOSITORY"];
+    process.env["RUNNER_TEMP"] = path.dirname(__dirname);
+    const repoLocalRunner = codeql.getCodeQLActionRepository(logger);
+    t.deepEqual(repoLocalRunner, "github/codeql-action");
+    process.env["GITHUB_ACTION_REPOSITORY"] = "xxx/yyy";
+    const repoEnv = codeql.getCodeQLActionRepository(logger);
+    t.deepEqual(repoEnv, "xxx/yyy");
+});
 (0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-query-help for 2.7.0", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
    const codeqlObject = await codeql.getCodeQLForTesting();
    sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([]));
    t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
 });
 (0, ava_1.default)("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
    const codeqlObject = await codeql.getCodeQLForTesting();
    sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([]));
    t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
 });
 (0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
@@ -337,8 +323,6 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
        const runnerConstructorStub = stubToolRunnerConstructor();
        const codeqlObject = await codeql.getCodeQLForTesting();
        sinon.stub(codeqlObject, "getVersion").resolves("2.8.1");
-        // safeWhich throws because of the test CodeQL object.
-        sinon.stub(safeWhich, "safeWhich").resolves("");
        const thisStubConfig = {
            ...stubConfig,
            tempDir,
@@ -348,7 +332,7 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
                packsInputCombines: false,
            },
        };
-        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        // should NOT have used an config file
        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -363,14 +347,14 @@ const injectedConfigMacro = ava_1.default.macro({
            const codeqlObject = await codeql.getCodeQLForTesting();
            sinon
                .stub(codeqlObject, "getVersion")
-                .resolves(feature_flags_1.featureConfig[feature_flags_1.Feature.CliConfigFileEnabled].minimumVersion);
+                .resolves(codeql.CODEQL_VERSION_CONFIG_FILES);
            const thisStubConfig = {
                ...stubConfig,
                ...configOverride,
                tempDir,
                augmentationProperties,
            };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), (0, logging_1.getRunnerLogger)(true));
            const args = runnerConstructorStub.firstCall.args[1];
            // should have used an config file
            const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -393,7 +377,7 @@ const injectedConfigMacro = ava_1.default.macro({
    queriesInputCombines: false,
    packsInputCombines: false,
 }, {}, {
-    packs: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
+    packs: ["codeql/javascript-experimental-atm-queries@~0.3.0"],
 });
 (0, ava_1.default)("injected ML queries with existing packs", injectedConfigMacro, {
    injectedMlQueries: true,
@@ -407,7 +391,7 @@ const injectedConfigMacro = ava_1.default.macro({
    packs: {
        javascript: [
            "codeql/something-else",
-            "codeql/javascript-experimental-atm-queries@~0.4.0",
+            "codeql/javascript-experimental-atm-queries@~0.3.0",
        ],
    },
 });
@@ -422,7 +406,7 @@ const injectedConfigMacro = ava_1.default.macro({
 }, {
    packs: {
        cpp: ["codeql/something-else"],
-        javascript: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
+        javascript: ["codeql/javascript-experimental-atm-queries@~0.3.0"],
    },
 });
 (0, ava_1.default)("injected packs from input", injectedConfigMacro, {
@@ -475,7 +459,7 @@ const injectedConfigMacro = ava_1.default.macro({
        },
    },
 }, {
-    packs: ["xxx", "yyy", "codeql/javascript-experimental-atm-queries@~0.4.0"],
+    packs: ["xxx", "yyy", "codeql/javascript-experimental-atm-queries@~0.3.0"],
 });
 // similar, but with queries
 (0, ava_1.default)("injected queries from input", injectedConfigMacro, {
@@ -569,8 +553,8 @@ const injectedConfigMacro = ava_1.default.macro({
        const codeqlObject = await codeql.getCodeQLForTesting();
        sinon
            .stub(codeqlObject, "getVersion")
-            .resolves(feature_flags_1.featureConfig[feature_flags_1.Feature.CliConfigFileEnabled].minimumVersion);
-        await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            .resolves(codeql.CODEQL_VERSION_CONFIG_FILES);
+        await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        // should have used an config file
        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -580,22 +564,24 @@ const injectedConfigMacro = ava_1.default.macro({
        process.env["CODEQL_PASS_CONFIG_TO_CLI"] = origCODEQL_PASS_CONFIG_TO_CLI;
    }
 });
-(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
+(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info when feature enabled", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves("2.11.3");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
+    // We need to set a CodeQL version such that running `databaseInterpretResults` does not crash.
+    // The version of CodeQL is checked separately to determine feature enablement, and does not
+    // otherwise impact this test, so set it to 0.0.0.
+    sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.FileBaselineInformationEnabled]));
    t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
 });
-(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
+(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info if feature disabled", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves("2.11.2");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
+    // We need to set a CodeQL version such that running `databaseInterpretResults` does not crash.
+    // The version of CodeQL is checked upstream to determine feature enablement, so it does not
+    // affect this test.
+    sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([]));
    t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
 });
 function stubToolRunnerConstructor() {
@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
+exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 // We need to import `performance` on Node 12
@@ -240,12 +240,8 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
    if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
        return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureEnablement, configFile);
    }
-    // Otherwise, must be a reference to another repo.
-    // If config parsing is handled in CLI, then this repo will be downloaded
-    // later by the CLI.
-    if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, featureEnablement))) {
-        await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
-    }
+    // Otherwise, must be a reference to another repo
+    await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
    return false;
 }
 // Regex validating stars in paths or paths-ignore entries.
@@ -389,12 +385,11 @@ function getUnknownLanguagesError(languages) {
 }
 exports.getUnknownLanguagesError = getUnknownLanguagesError;
 /**
- * Gets the set of languages in the current repository that are
- * scannable by CodeQL.
+ * Gets the set of languages in the current repository
 */
-async function getLanguagesInRepo(repository, logger) {
+async function getLanguagesInRepo(repository, apiDetails, logger) {
    logger.debug(`GitHub repo ${repository.owner} ${repository.repo}`);
-    const response = await api.getApiClient().repos.listLanguages({
+    const response = await api.getApiClient(apiDetails).repos.listLanguages({
        owner: repository.owner,
        repo: repository.repo,
    });
@@ -412,7 +407,6 @@ async function getLanguagesInRepo(repository, logger) {
    }
    return [...languages];
 }
-exports.getLanguagesInRepo = getLanguagesInRepo;
 /**
 * Get the languages to analyse.
 *
@@ -423,17 +417,19 @@ exports.getLanguagesInRepo = getLanguagesInRepo;
 * If no languages could be detected from either the workflow or the repository
 * then throw an error.
 */
-async function getLanguages(codeQL, languagesInput, repository, logger) {
-    // Obtain languages without filtering them.
-    const { rawLanguages, autodetected } = await getRawLanguages(languagesInput, repository, logger);
-    let languages = rawLanguages.map(languages_1.resolveAlias);
-    if (autodetected) {
+async function getLanguages(codeQL, languagesInput, repository, apiDetails, logger) {
+    // Obtain from action input 'languages' if set
+    let languages = (languagesInput || "")
+        .split(",")
+        .map((x) => x.trim())
+        .filter((x) => x.length > 0);
+    logger.info(`Languages from configuration: ${JSON.stringify(languages)}`);
+    if (languages.length === 0) {
+        // Obtain languages as all languages in the repo that can be analysed
+        languages = await getLanguagesInRepo(repository, apiDetails, logger);
        const availableLanguages = await codeQL.resolveLanguages();
        languages = languages.filter((value) => value in availableLanguages);
-        logger.info(`Automatically detected languages: ${languages.join(", ")}`);
-    }
-    else {
-        logger.info(`Languages from configuration: ${languages.join(", ")}`);
+        logger.info(`Automatically detected languages: ${JSON.stringify(languages)}`);
    }
    // If the languages parameter was not given and no languages were
    // detected then fail here as this is a workflow configuration error.
@@ -444,51 +440,19 @@ async function getLanguages(codeQL, languagesInput, repository, logger) {
    const parsedLanguages = [];
    const unknownLanguages = [];
    for (const language of languages) {
-        // We know this is not an alias since we resolved it above.
        const parsedLanguage = (0, languages_1.parseLanguage)(language);
        if (parsedLanguage === undefined) {
            unknownLanguages.push(language);
        }
-        else if (!parsedLanguages.includes(parsedLanguage)) {
+        else if (parsedLanguages.indexOf(parsedLanguage) === -1) {
            parsedLanguages.push(parsedLanguage);
        }
    }
-    // Any unknown languages here would have come directly from the input
-    // since we filter unknown languages coming from the GitHub API.
    if (unknownLanguages.length > 0) {
        throw new Error(getUnknownLanguagesError(unknownLanguages));
    }
    return parsedLanguages;
 }
-exports.getLanguages = getLanguages;
-/**
- * Gets the set of languages in the current repository without checking to
- * see if these languages are actually supported by CodeQL.
- *
- * @param languagesInput The languages from the workflow input
- * @param repository the owner/name of the repository
- * @param logger a logger
- * @returns A tuple containing a list of languages in this repository that might be
- * analyzable and whether or not this list was determined automatically.
- */
-async function getRawLanguages(languagesInput, repository, logger) {
-    // Obtain from action input 'languages' if set
-    let rawLanguages = (languagesInput || "")
-        .split(",")
-        .map((x) => x.trim().toLowerCase())
-        .filter((x) => x.length > 0);
-    let autodetected;
-    if (rawLanguages.length) {
-        autodetected = false;
-    }
-    else {
-        autodetected = true;
-        // Obtain all languages in the repo that can be analysed
-        rawLanguages = (await getLanguagesInRepo(repository, logger));
-    }
-    return { rawLanguages, autodetected };
-}
-exports.getRawLanguages = getRawLanguages;
 async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, featureEnablement, logger) {
    let injectedMlQueries = false;
    queriesInput = queriesInput.trim();
@@ -514,7 +478,7 @@ function shouldAddConfigFileQueries(queriesInput) {
 * Get the default config for when the user has not supplied one.
 */
 async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger) {
-    const languages = await getLanguages(codeQL, languagesInput, repository, logger);
+    const languages = await getLanguages(codeQL, languagesInput, repository, apiDetails, logger);
    const queries = {};
    for (const language of languages) {
        queries[language] = {
@@ -588,7 +552,7 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
            throw new Error(getNameInvalid(configFile));
        }
    }
-    const languages = await getLanguages(codeQL, languagesInput, repository, logger);
+    const languages = await getLanguages(codeQL, languagesInput, repository, apiDetails, logger);
    const queries = {};
    for (const language of languages) {
        queries[language] = {
@@ -929,23 +893,22 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
    else {
        config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger);
    }
+    // The list of queries should not be empty for any language. If it is then
+    // it is a user configuration error.
+    for (const language of config.languages) {
+        const hasBuiltinQueries = ((_a = config.queries[language]) === null || _a === void 0 ? void 0 : _a.builtin.length) > 0;
+        const hasCustomQueries = ((_b = config.queries[language]) === null || _b === void 0 ? void 0 : _b.custom.length) > 0;
+        const hasPacks = (((_c = config.packs[language]) === null || _c === void 0 ? void 0 : _c.length) || 0) > 0;
+        if (!hasPacks && !hasBuiltinQueries && !hasCustomQueries) {
+            throw new Error(`Did not detect any queries to run for ${language}. ` +
+                "Please make sure that the default queries are enabled, or you are specifying queries to run.");
+        }
+    }
    // When using the codescanning config in the CLI, pack downloads
    // happen in the CLI during the `database init` command, so no need
    // to download them here.
    await (0, util_1.logCodeScanningConfigInCli)(codeQL, featureEnablement, logger);
    if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, featureEnablement))) {
-        // The list of queries should not be empty for any language. If it is then
-        // it is a user configuration error.
-        // This check occurs in the CLI when it parses the config file.
-        for (const language of config.languages) {
-            const hasBuiltinQueries = ((_a = config.queries[language]) === null || _a === void 0 ? void 0 : _a.builtin.length) > 0;
-            const hasCustomQueries = ((_b = config.queries[language]) === null || _b === void 0 ? void 0 : _b.custom.length) > 0;
-            const hasPacks = (((_c = config.packs[language]) === null || _c === void 0 ? void 0 : _c.length) || 0) > 0;
-            if (!hasPacks && !hasBuiltinQueries && !hasCustomQueries) {
-                throw new Error(`Did not detect any queries to run for ${language}. ` +
-                    "Please make sure that the default queries are enabled, or you are specifying queries to run.");
-            }
-        }
        const registries = parseRegistries(registriesInput);
        await downloadPacks(codeQL, config.languages, config.packs, registries, apiDetails, config.tempDir, logger);
    }
@@ -991,7 +954,7 @@ async function getRemoteConfig(configFile, apiDetails) {
        throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
    }
    const response = await api
-        .getApiClientWithExternalAuth(apiDetails)
+        .getApiClient(apiDetails, { allowExternal: true })
        .repos.getContent({
        owner: pieces.groups.owner,
        repo: pieces.groups.repo,
@@ -34,7 +34,6 @@ const configUtils = __importStar(require("./config-utils"));
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
-const repository_1 = require("./repository");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -62,7 +61,6 @@ function mockGetContents(content) {
        .stub(client.repos, "getContent")
        .resolves(response);
    sinon.stub(api, "getApiClient").value(() => client);
-    sinon.stub(api, "getApiClientWithExternalAuth").value(() => client);
    return spyGetContents;
 }
 function mockListLanguages(languages) {
@@ -934,7 +932,11 @@ function parseInputAndConfigMacro(t, packsFromConfig, packsFromInput, languages,
    languages, "/a/b", mockLogger), expected);
 }
 parseInputAndConfigMacro.title = (providedTitle) => `Parse Packs input and config: ${providedTitle}`;
-const mockLogger = (0, logging_1.getRunnerLogger)(true);
+const mockLogger = {
+    info: (message) => {
+        console.log(message);
+    },
+};
 function parseInputAndConfigErrorMacro(t, packsFromConfig, packsFromInput, languages, packsFromInputOverride, expected) {
    t.throws(() => {
        configUtils.parsePacks(packsFromConfig, packsFromInput, packsFromInputOverride, languages, "/a/b", mockLogger);
@@ -1234,86 +1236,4 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        }, { instanceOf: Error }, "Invalid 'registries' input. Must be an array of objects with 'url' and 'packages' properties.");
    });
 });
-// getLanguages
-const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
-// eslint-disable-next-line github/array-foreach
-[
-    {
-        name: "languages from input",
-        codeqlResolvedLanguages: ["javascript", "java", "python"],
-        languagesInput: "jAvAscript, \n jaVa",
-        languagesInRepository: ["SwiFt", "other"],
-        expectedLanguages: ["javascript", "java"],
-        expectedApiCall: false,
-    },
-    {
-        name: "languages from github api",
-        codeqlResolvedLanguages: ["javascript", "java", "python"],
-        languagesInput: "",
-        languagesInRepository: ["  jAvAscript\n \t", " jaVa", "SwiFt", "other"],
-        expectedLanguages: ["javascript", "java"],
-        expectedApiCall: true,
-    },
-    {
-        name: "aliases from input",
-        codeqlResolvedLanguages: ["javascript", "csharp", "cpp", "java", "python"],
-        languagesInput: "  typEscript\n \t, C#, c , KoTlin",
-        languagesInRepository: ["SwiFt", "other"],
-        expectedLanguages: ["javascript", "csharp", "cpp", "java"],
-        expectedApiCall: false,
-    },
-    {
-        name: "duplicate languages from input",
-        codeqlResolvedLanguages: ["javascript", "java", "python"],
-        languagesInput: "jAvAscript, \n jaVa, kotlin, typescript",
-        languagesInRepository: ["SwiFt", "other"],
-        expectedLanguages: ["javascript", "java"],
-        expectedApiCall: false,
-    },
-    {
-        name: "aliases from github api",
-        codeqlResolvedLanguages: ["javascript", "csharp", "cpp", "java", "python"],
-        languagesInput: "",
-        languagesInRepository: ["  typEscript\n \t", " C#", "c", "other"],
-        expectedLanguages: ["javascript", "csharp", "cpp"],
-        expectedApiCall: true,
-    },
-    {
-        name: "no languages",
-        codeqlResolvedLanguages: ["javascript", "java", "python"],
-        languagesInput: "",
-        languagesInRepository: [],
-        expectedApiCall: true,
-        expectedError: configUtils.getNoLanguagesError(),
-    },
-    {
-        name: "unrecognized languages from input",
-        codeqlResolvedLanguages: ["javascript", "java", "python"],
-        languagesInput: "a, b, c, javascript",
-        languagesInRepository: [],
-        expectedApiCall: false,
-        expectedError: configUtils.getUnknownLanguagesError(["a", "b"]),
-    },
-].forEach((args) => {
-    (0, ava_1.default)(`getLanguages: ${args.name}`, async (t) => {
-        const mockRequest = (0, testing_utils_1.mockLanguagesInRepo)(args.languagesInRepository);
-        const languages = args.codeqlResolvedLanguages.reduce((acc, lang) => ({
-            ...acc,
-            [lang]: true,
-        }), {});
-        const codeQL = (0, codeql_1.setCodeQL)({
-            resolveLanguages: () => Promise.resolve(languages),
-        });
-        if (args.expectedLanguages) {
-            // happy path
-            const actualLanguages = await configUtils.getLanguages(codeQL, args.languagesInput, mockRepositoryNwo, mockLogger);
-            t.deepEqual(actualLanguages.sort(), args.expectedLanguages.sort());
-        }
-        else {
-            // there is an error
-            await t.throwsAsync(async () => await configUtils.getLanguages(codeQL, args.languagesInput, mockRepositoryNwo, mockLogger), { message: args.expectedError });
-        }
-        t.deepEqual(mockRequest.called, args.expectedApiCall);
-    });
-});
 //# sourceMappingURL=config-utils.test.js.map
@@ -41,35 +41,27 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
        logger.debug("Not analyzing default branch. Skipping upload.");
        return;
    }
-    const client = (0, api_client_1.getApiClient)();
+    const client = (0, api_client_1.getApiClient)(apiDetails);
    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    for (const language of config.languages) {
+        // Upload the database bundle.
+        // Although we are uploading arbitrary file contents to the API, it's worth
+        // noting that it's the API's job to validate that the contents is acceptable.
+        // This API method is available to anyone with write access to the repo.
+        const payload = fs.readFileSync(await (0, util_1.bundleDb)(config, language, codeql, language));
        try {
-            // Upload the database bundle.
-            // Although we are uploading arbitrary file contents to the API, it's worth
-            // noting that it's the API's job to validate that the contents is acceptable.
-            // This API method is available to anyone with write access to the repo.
-            const bundledDb = await (0, util_1.bundleDb)(config, language, codeql, language);
-            const bundledDbSize = fs.statSync(bundledDb).size;
-            const bundledDbReadStream = fs.createReadStream(bundledDb);
-            try {
-                await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, {
-                    owner: repositoryNwo.owner,
-                    repo: repositoryNwo.repo,
-                    language,
-                    name: `${language}-database`,
-                    data: bundledDbReadStream,
-                    headers: {
-                        authorization: `token ${apiDetails.auth}`,
-                        "Content-Type": "application/zip",
-                        "Content-Length": bundledDbSize,
-                    },
-                });
-                logger.debug(`Successfully uploaded database for ${language}`);
-            }
-            finally {
-                bundledDbReadStream.close();
-            }
+            await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, {
+                owner: repositoryNwo.owner,
+                repo: repositoryNwo.repo,
+                language,
+                name: `${language}-database`,
+                data: payload,
+                headers: {
+                    authorization: `token ${apiDetails.auth}`,
+                    "Content-Type": "application/zip",
+                },
+            });
+            logger.debug(`Successfully uploaded database for ${language}`);
        }
        catch (e) {
            console.log(e);
@@ -1 +1 @@
-{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI;gBACF,MAAM,MAAM,CAAC,OAAO,CAClB,wGAAwG,EACxG;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;aAChE;oBAAS;gBACR,mBAAmB,CAAC,KAAK,EAAE,CAAC;aAC7B;SACF;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AA7DD,0CA6DC"}
+{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,UAAU,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,8BAA8B;QAC9B,2EAA2E;QAC3E,8EAA8E;QAC9E,wEAAwE;QACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAC7B,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CACnD,CAAC;QACF,IAAI;YACF,MAAM,MAAM,CAAC,OAAO,CAClB,wGAAwG,EACxG;gBACE,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,QAAQ;gBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;gBAC5B,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE;oBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;oBACzC,cAAc,EAAE,iBAAiB;iBAClC;aACF,CACF,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;SAChE;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AAxDD,0CAwDC"}
@@ -36,7 +36,7 @@ const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 ava_1.default.beforeEach(() => {
-    (0, util_1.initializeEnvironment)("1.2.3");
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, "1.2.3");
 });
 const testRepoName = { owner: "github", repo: "example" };
 const testApiDetails = {
@@ -1,6 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20230105",
-    "cliVersion": "2.12.0",
-    "priorBundleVersion": "codeql-bundle-20221211",
-    "priorCliVersion": "2.11.6"
+    "bundleVersion": "codeql-bundle-20221105"
 }
@@ -12,10 +12,6 @@ exports.namedMatchersForTesting = {
        message: "No code found during the build. Please see:\n" +
            "https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build",
    },
-    fatalError: {
-        outputRegex: new RegExp("A fatal error occurred"),
-        message: "A fatal error occurred.",
-    },
 };
 // we collapse the matches into an array for use in execErrorCatcher
 exports.errorMatchers = Object.values(exports.namedMatchersForTesting);
@@ -1 +1 @@
-{"version":3,"file":"error-matcher.js","sourceRoot":"","sources":["../src/error-matcher.ts"],"names":[],"mappings":";;;AAQA,qCAAqC;AACxB,QAAA,uBAAuB,GAAoC;IACtE;;MAEE;IACF,iBAAiB,EAAE;QACjB,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,IAAI,MAAM,CAAC,2CAA2C,CAAC;QACpE,OAAO,EACL,+CAA+C;YAC/C,yJAAyJ;KAC5J;IACD,UAAU,EAAE;QACV,WAAW,EAAE,IAAI,MAAM,CAAC,wBAAwB,CAAC;QACjD,OAAO,EAAE,yBAAyB;KACnC;CACF,CAAC;AAEF,oEAAoE;AACvD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,+BAAuB,CAAC,CAAC"}
+{"version":3,"file":"error-matcher.js","sourceRoot":"","sources":["../src/error-matcher.ts"],"names":[],"mappings":";;;AAQA,qCAAqC;AACxB,QAAA,uBAAuB,GAAoC;IACtE;;MAEE;IACF,iBAAiB,EAAE;QACjB,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,IAAI,MAAM,CAAC,2CAA2C,CAAC;QACpE,OAAO,EACL,+CAA+C;YAC/C,yJAAyJ;KAC5J;CACF,CAAC;AAEF,oEAAoE;AACvD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,+BAAuB,CAAC,CAAC"}
@@ -16,9 +16,6 @@ NB We test the regexes for all the matchers against example log output snippets.
  2020-09-07T17:39:53.9251124Z [2020-09-07 17:39:53] [ERROR] Spawned process exited abnormally (code 255; tried to run: [/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/autobuild.sh])
  `));
 });
-(0, ava_1.default)("fatalError matches against example log output", async (t) => {
-    t.assert(testErrorMatcher("fatalError", "A fatal error occurred: Could not process query metadata for test-query.ql"));
-});
 function testErrorMatcher(matcherName, logSample) {
    if (!(matcherName in error_matcher_1.namedMatchersForTesting)) {
        throw new Error(`Unknown matcher ${matcherName}`);
@@ -1 +1 @@
-{"version":3,"file":"error-matcher.test.js","sourceRoot":"","sources":["../src/error-matcher.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAA0D;AAE1D;;EAEE;AAEF,IAAA,aAAI,EAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9E,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,mBAAmB,EACnB;;;;;GAKH,CACE,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,+CAA+C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChE,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,YAAY,EACZ,4EAA4E,CAC7E,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,SAAiB;IAC9D,IAAI,CAAC,CAAC,WAAW,IAAI,uCAAuB,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,KAAK,GAAG,uCAAuB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,WAAW,kBAAkB,CAAC,CAAC;KACvE;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"error-matcher.test.js","sourceRoot":"","sources":["../src/error-matcher.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAA0D;AAE1D;;EAEE;AAEF,IAAA,aAAI,EAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9E,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,mBAAmB,EACnB;;;;;GAKH,CACE,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,SAAiB;IAC9D,IAAI,CAAC,CAAC,WAAW,IAAI,uCAAuB,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,KAAK,GAAG,uCAAuB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,WAAW,kBAAkB,CAAC,CAAC;KACvE;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}
@@ -19,46 +19,34 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Features = exports.FEATURE_FLAGS_FILE_NAME = exports.featureConfig = exports.Feature = void 0;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const semver = __importStar(require("semver"));
+exports.Features = exports.featureConfig = exports.Feature = void 0;
 const api_client_1 = require("./api-client");
-const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
 const util = __importStar(require("./util"));
-const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
-const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled";
-const MINIMUM_ENABLED_CODEQL_VERSION = "2.11.6";
 var Feature;
 (function (Feature) {
    Feature["BypassToolcacheEnabled"] = "bypass_toolcache_enabled";
-    Feature["BypassToolcacheKotlinSwiftEnabled"] = "bypass_toolcache_kotlin_swift_enabled";
    Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
-    Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
+    Feature["FileBaselineInformationEnabled"] = "file_baseline_information_enabled";
+    Feature["GolangExtractionReconciliationEnabled"] = "golang_extraction_reconciliation_enabled";
    Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
    Feature["TrapCachingEnabled"] = "trap_caching_enabled";
-    Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
    [Feature.BypassToolcacheEnabled]: {
        envVar: "CODEQL_BYPASS_TOOLCACHE",
-        // Cannot specify a minimum version because this flag is checked before we have
-        // access to the CodeQL instance.
-        minimumVersion: undefined,
-    },
-    [Feature.BypassToolcacheKotlinSwiftEnabled]: {
-        envVar: "CODEQL_BYPASS_TOOLCACHE_KOTLIN_SWIFT",
-        // Cannot specify a minimum version because this flag is checked before we have
-        // access to the CodeQL instance.
-        minimumVersion: undefined,
-    },
-    [Feature.DisableKotlinAnalysisEnabled]: {
-        envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
        minimumVersion: undefined,
    },
    [Feature.CliConfigFileEnabled]: {
        envVar: "CODEQL_PASS_CONFIG_TO_CLI",
-        minimumVersion: "2.11.6",
+        minimumVersion: "2.11.1",
+    },
+    [Feature.FileBaselineInformationEnabled]: {
+        envVar: "CODEQL_FILE_BASELINE_INFORMATION",
+        minimumVersion: "2.11.3",
+    },
+    [Feature.GolangExtractionReconciliationEnabled]: {
+        envVar: "CODEQL_GOLANG_EXTRACTION_RECONCILIATION",
+        minimumVersion: undefined,
    },
    [Feature.MlPoweredQueriesEnabled]: {
        envVar: "CODEQL_ML_POWERED_QUERIES",
@@ -68,23 +56,15 @@ exports.featureConfig = {
        envVar: "CODEQL_TRAP_CACHING",
        minimumVersion: undefined,
    },
-    [Feature.UploadFailedSarifEnabled]: {
-        envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
-        minimumVersion: "2.11.3",
-    },
 };
-exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
 /**
 * Determines the enablement status of a number of features.
 * If feature enablement is not able to be determined locally, a request to the
 * GitHub API is made to determine the enablement status.
 */
 class Features {
-    constructor(gitHubVersion, repositoryNwo, tempDir, logger) {
-        this.gitHubFeatureFlags = new GitHubFeatureFlags(gitHubVersion, repositoryNwo, path.join(tempDir, exports.FEATURE_FLAGS_FILE_NAME), logger);
-    }
-    async getDefaultCliVersion(variant) {
-        return await this.gitHubFeatureFlags.getDefaultCliVersion(variant);
+    constructor(gitHubVersion, apiDetails, repositoryNwo, logger) {
+        this.gitHubFeatureFlags = new GitHubFeatureFlags(gitHubVersion, apiDetails, repositoryNwo, logger);
    }
    /**
     *
@@ -128,57 +108,15 @@ class Features {
 }
 exports.Features = Features;
 class GitHubFeatureFlags {
-    constructor(gitHubVersion, repositoryNwo, featureFlagsFile, logger) {
+    constructor(gitHubVersion, apiDetails, repositoryNwo, logger) {
        this.gitHubVersion = gitHubVersion;
+        this.apiDetails = apiDetails;
        this.repositoryNwo = repositoryNwo;
-        this.featureFlagsFile = featureFlagsFile;
        this.logger = logger;
        /**/
    }
-    getCliVersionFromFeatureFlag(f) {
-        if (!f.startsWith(DEFAULT_VERSION_FEATURE_FLAG_PREFIX) ||
-            !f.endsWith(DEFAULT_VERSION_FEATURE_FLAG_SUFFIX)) {
-            return undefined;
-        }
-        const version = f
-            .substring(DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length, f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length)
-            .replace(/_/g, ".");
-        if (!semver.valid(version)) {
-            this.logger.warning(`Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`);
-            return undefined;
-        }
-        return version;
-    }
-    async getDefaultCliVersion(variant) {
-        if (variant === util.GitHubVariant.DOTCOM) {
-            return {
-                cliVersion: await this.getDefaultDotcomCliVersion(),
-                variant,
-            };
-        }
-        return {
-            cliVersion: defaults.cliVersion,
-            tagName: defaults.bundleVersion,
-            variant,
-        };
-    }
-    async getDefaultDotcomCliVersion() {
-        const response = await this.getAllFeatures();
-        const enabledFeatureFlagCliVersions = Object.entries(response)
-            .map(([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : undefined)
-            .filter((f) => f !== undefined)
-            .map((f) => f);
-        if (enabledFeatureFlagCliVersions.length === 0) {
-            this.logger.debug("Feature flags do not specify a default CLI version. Falling back to CLI version " +
-                `${MINIMUM_ENABLED_CODEQL_VERSION}.`);
-            return MINIMUM_ENABLED_CODEQL_VERSION;
-        }
-        const maxCliVersion = enabledFeatureFlagCliVersions.reduce((maxVersion, currentVersion) => currentVersion > maxVersion ? currentVersion : maxVersion, enabledFeatureFlagCliVersions[0]);
-        this.logger.debug(`Derived default CLI version of ${maxCliVersion} from feature flags.`);
-        return maxCliVersion;
-    }
    async getValue(feature) {
-        const response = await this.getAllFeatures();
+        const response = await this.getApiResponse();
        if (response === undefined) {
            this.logger.debug(`No feature flags API response for ${feature}, considering it disabled.`);
            return false;
@@ -190,48 +128,10 @@ class GitHubFeatureFlags {
        }
        return !!featureEnablement;
    }
-    async getAllFeatures() {
-        // if we have an in memory cache, use that
-        if (this.cachedApiResponse !== undefined) {
-            return this.cachedApiResponse;
-        }
-        // if a previous step has written a feature flags file to disk, use that
-        const fileFlags = await this.readLocalFlags();
-        if (fileFlags !== undefined) {
-            this.cachedApiResponse = fileFlags;
-            return fileFlags;
-        }
-        // if not, request flags from the server
-        let remoteFlags = await this.loadApiResponse();
-        if (remoteFlags === undefined) {
-            remoteFlags = {};
-        }
-        // cache the response in memory
-        this.cachedApiResponse = remoteFlags;
-        // and cache them to disk so future workflow steps can use them
-        await this.writeLocalFlags(remoteFlags);
-        return remoteFlags;
-    }
-    async readLocalFlags() {
-        try {
-            if (fs.existsSync(this.featureFlagsFile)) {
-                this.logger.debug(`Loading feature flags from ${this.featureFlagsFile}`);
-                return JSON.parse(fs.readFileSync(this.featureFlagsFile, "utf8"));
-            }
-        }
-        catch (e) {
-            this.logger.warning(`Error reading cached feature flags file ${this.featureFlagsFile}: ${e}. Requesting from GitHub instead.`);
-        }
-        return undefined;
-    }
-    async writeLocalFlags(flags) {
-        try {
-            this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`);
-            fs.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
-        }
-        catch (e) {
-            this.logger.warning(`Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.`);
-        }
+    async getApiResponse() {
+        const apiResponse = this.cachedApiResponse || (await this.loadApiResponse());
+        this.cachedApiResponse = apiResponse;
+        return apiResponse;
    }
    async loadApiResponse() {
        // Do nothing when not running against github.com
@@ -239,15 +139,13 @@ class GitHubFeatureFlags {
            this.logger.debug("Not running against github.com. Disabling all toggleable features.");
            return {};
        }
+        const client = (0, api_client_1.getApiClient)(this.apiDetails);
        try {
-            const response = await (0, api_client_1.getApiClient)().request("GET /repos/:owner/:repo/code-scanning/codeql-action/features", {
+            const response = await client.request("GET /repos/:owner/:repo/code-scanning/codeql-action/features", {
                owner: this.repositoryNwo.owner,
                repo: this.repositoryNwo.repo,
            });
-            const remoteFlags = response.data;
-            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API: " +
-                `${JSON.stringify(remoteFlags)}`);
-            return remoteFlags;
+            return response.data;
        }
        catch (e) {
            if (util.isHTTPError(e) && e.status === 403) {
@@ -255,7 +153,6 @@ class GitHubFeatureFlags {
                    "As a result, it will not be opted into any experimental features. " +
                    "This could be because the Action is running on a pull request from a fork. If not, " +
                    `please ensure the Action has the 'security-events: write' permission. Details: ${e}`);
-                return {};
            }
            else {
                // Some features, such as `ml_powered_queries_enabled` affect the produced alerts.
@@ -1,31 +1,9 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
-const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
 const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
@@ -33,8 +11,13 @@ const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 ava_1.default.beforeEach(() => {
-    (0, util_1.initializeEnvironment)("1.2.3");
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, "1.2.3");
 });
+const testApiDetails = {
+    auth: "1234",
+    url: "https://github.com",
+    apiURL: undefined,
+};
 const testRepositoryNwo = (0, repository_1.parseRepositoryNwo)("github/example");
 const ALL_FEATURES_DISABLED_VARIANTS = [
    {
@@ -47,7 +30,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
    (0, ava_1.default)(`All features are disabled if running against ${variant.description}`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
            const loggedMessages = [];
-            const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages), variant.gitHubVersion);
+            const featureEnablement = setUpTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages), variant.gitHubVersion);
            for (const feature of Object.values(feature_flags_1.Feature)) {
                t.false(await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature)));
            }
@@ -60,7 +43,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
 (0, ava_1.default)("API response missing", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const loggedMessages = [];
-        const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
+        const featureEnablement = setUpTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(403, {});
        for (const feature of Object.values(feature_flags_1.Feature)) {
            t.assert((await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature))) === false);
@@ -71,7 +54,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
 (0, ava_1.default)("Features are disabled if they're not returned in API response", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const loggedMessages = [];
-        const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
+        const featureEnablement = setUpTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
        for (const feature of Object.values(feature_flags_1.Feature)) {
            t.assert((await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature))) === false);
@@ -81,7 +64,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
 });
 (0, ava_1.default)("Feature flags exception is propagated if the API request errors", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        const featureEnablement = setUpFeatureFlagTests(tmpDir);
+        const featureEnablement = setUpTests(tmpDir);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(500, {});
        await t.throwsAsync(async () => featureEnablement.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.MlPoweredQueriesEnabled)), {
            message: "Encountered an error while trying to determine feature enablement: Error: some error message",
@@ -91,7 +74,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
 for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    (0, ava_1.default)(`Only feature '${feature}' is enabled if enabled in the API response. Other features disabled`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
-            const featureEnablement = setUpFeatureFlagTests(tmpDir);
+            const featureEnablement = setUpTests(tmpDir);
            // set all features to false except the one we're testing
            const expectedFeatureEnablement = {};
            for (const f of Object.keys(feature_flags_1.featureConfig)) {
@@ -109,7 +92,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    });
    (0, ava_1.default)(`Only feature '${feature}' is enabled if the associated environment variable is true. Others disabled.`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
-            const featureEnablement = setUpFeatureFlagTests(tmpDir);
+            const featureEnablement = setUpTests(tmpDir);
            const expectedFeatureEnablement = initializeFeatures(false);
            (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
            // feature should be disabled initially
@@ -121,7 +104,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    });
    (0, ava_1.default)(`Feature '${feature}' is disabled if the associated environment variable is false, even if enabled in API`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
-            const featureEnablement = setUpFeatureFlagTests(tmpDir);
+            const featureEnablement = setUpTests(tmpDir);
            const expectedFeatureEnablement = initializeFeatures(true);
            (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
            // feature should be enabled initially
@@ -134,7 +117,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    if (feature_flags_1.featureConfig[feature].minimumVersion !== undefined) {
        (0, ava_1.default)(`Getting feature '${feature} should throw if no codeql is provided`, async (t) => {
            await (0, util_1.withTmpDir)(async (tmpDir) => {
-                const featureEnablement = setUpFeatureFlagTests(tmpDir);
+                const featureEnablement = setUpTests(tmpDir);
                const expectedFeatureEnablement = initializeFeatures(true);
                (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
                await t.throwsAsync(async () => featureEnablement.getValue(feature), {
@@ -146,7 +129,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    if (feature_flags_1.featureConfig[feature].minimumVersion !== undefined) {
        (0, ava_1.default)(`Feature '${feature}' is disabled if the minimum CLI version is below ${feature_flags_1.featureConfig[feature].minimumVersion}`, async (t) => {
            await (0, util_1.withTmpDir)(async (tmpDir) => {
-                const featureEnablement = setUpFeatureFlagTests(tmpDir);
+                const featureEnablement = setUpTests(tmpDir);
                const expectedFeatureEnablement = initializeFeatures(true);
                (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
                // feature should be disabled when an old CLI version is set
@@ -178,96 +161,6 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    // An even less likely scenario is that we no longer have any features.
    t.assert(Object.values(feature_flags_1.featureConfig).length > 0, "There should be at least one feature");
 });
-(0, ava_1.default)("Feature flags are saved to disk", async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        const featureEnablement = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
-        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        const cachedFeatureFlags = path.join(tmpDir, feature_flags_1.FEATURE_FLAGS_FILE_NAME);
-        t.false(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should not exist before getting feature flags");
-        t.true(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled initially");
-        t.true(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should exist after getting feature flags");
-        const actualFeatureEnablement = JSON.parse(fs.readFileSync(cachedFeatureFlags, "utf8"));
-        t.deepEqual(actualFeatureEnablement, expectedFeatureEnablement);
-        // now test that we actually use the feature flag cache instead of the server
-        actualFeatureEnablement[feature_flags_1.Feature.CliConfigFileEnabled] = false;
-        fs.writeFileSync(cachedFeatureFlags, JSON.stringify(actualFeatureEnablement));
-        // delete the in memory cache so that we are forced to use the cached file
-        featureEnablement.gitHubFeatureFlags.cachedApiResponse = undefined;
-        t.false(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled after reading from cached file");
-    });
-});
-(0, ava_1.default)("Environment variable can override feature flag cache", async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        const featureEnablement = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
-        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        const cachedFeatureFlags = path.join(tmpDir, feature_flags_1.FEATURE_FLAGS_FILE_NAME);
-        t.true(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled initially");
-        t.true(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should exist after getting feature flags");
-        process.env.CODEQL_PASS_CONFIG_TO_CLI = "false";
-        t.false(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be disabled after setting env var");
-    });
-});
-for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
-    (0, ava_1.default)(`selects CLI from defaults.json on ${util_1.GitHubVariant[variant]}`, async (t) => {
-        await (0, util_1.withTmpDir)(async (tmpDir) => {
-            const features = setUpFeatureFlagTests(tmpDir);
-            t.deepEqual(await features.getDefaultCliVersion(variant), {
-                cliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-                variant,
-            });
-        });
-    });
-}
-(0, ava_1.default)("selects CLI v2.12.1 on Dotcom when feature flags enable v2.12.0 and v2.12.1", async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        const featureEnablement = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
-        expectedFeatureEnablement["default_codeql_version_2_12_0_enabled"] = true;
-        expectedFeatureEnablement["default_codeql_version_2_12_1_enabled"] = true;
-        expectedFeatureEnablement["default_codeql_version_2_12_2_enabled"] = false;
-        expectedFeatureEnablement["default_codeql_version_2_12_3_enabled"] = false;
-        expectedFeatureEnablement["default_codeql_version_2_12_4_enabled"] = false;
-        expectedFeatureEnablement["default_codeql_version_2_12_5_enabled"] = false;
-        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        t.deepEqual(await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM), {
-            cliVersion: "2.12.1",
-            variant: util_1.GitHubVariant.DOTCOM,
-        });
-    });
-});
-(0, ava_1.default)(`selects CLI v2.11.6 on Dotcom when no default version feature flags are enabled`, async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        const featureEnablement = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
-        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        t.deepEqual(await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM), {
-            cliVersion: "2.11.6",
-            variant: util_1.GitHubVariant.DOTCOM,
-        });
-    });
-});
-(0, ava_1.default)("ignores invalid version numbers in default version feature flags", async (t) => {
-    await (0, util_1.withTmpDir)(async (tmpDir) => {
-        const loggedMessages = [];
-        const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
-        const expectedFeatureEnablement = initializeFeatures(true);
-        expectedFeatureEnablement["default_codeql_version_2_12_0_enabled"] = true;
-        expectedFeatureEnablement["default_codeql_version_2_12_1_enabled"] = true;
-        expectedFeatureEnablement["default_codeql_version_2_12_invalid_enabled"] =
-            true;
-        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
-        t.deepEqual(await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM), {
-            cliVersion: "2.12.1",
-            variant: util_1.GitHubVariant.DOTCOM,
-        });
-        t.assert(loggedMessages.find((v) => v.type === "warning" &&
-            v.message ===
-                "Ignoring feature flag default_codeql_version_2_12_invalid_enabled as it does not specify a valid CodeQL version.") !== undefined);
-    });
-});
 function assertAllFeaturesUndefinedInApi(t, loggedMessages) {
    for (const feature of Object.keys(feature_flags_1.featureConfig)) {
        t.assert(loggedMessages.find((v) => v.type === "debug" &&
@@ -281,9 +174,9 @@ function initializeFeatures(initialValue) {
        return features;
    }, {});
 }
-function setUpFeatureFlagTests(tmpDir, logger = (0, logging_1.getRunnerLogger)(true), gitHubVersion = { type: util_1.GitHubVariant.DOTCOM }) {
+function setUpTests(tmpDir, logger = (0, logging_1.getRunnerLogger)(true), gitHubVersion = { type: util_1.GitHubVariant.DOTCOM }) {
    (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    return new feature_flags_1.Features(gitHubVersion, testRepositoryNwo, tmpDir, logger);
+    return new feature_flags_1.Features(gitHubVersion, testApiDetails, testRepositoryNwo, logger);
 }
 function includeCodeQlIfRequired(feature) {
    return feature_flags_1.featureConfig[feature].minimumVersion !== undefined
@@ -19,94 +19,24 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = exports.tryUploadSarifIfRunFailed = void 0;
+exports.run = void 0;
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
-const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
-const feature_flags_1 = require("./feature-flags");
-const shared_environment_1 = require("./shared-environment");
-const uploadLib = __importStar(require("./upload-lib"));
-const util_1 = require("./util");
-const workflow_1 = require("./workflow");
-function createFailedUploadFailedSarifResult(error) {
-    return {
-        upload_failed_run_error: error instanceof Error ? error.message : String(error),
-        upload_failed_run_stack_trace: error instanceof Error ? error.stack : undefined,
-    };
-}
-/**
- * Upload a failed SARIF file if we can verify that SARIF upload is enabled and determine the SARIF
- * category for the workflow.
- */
-async function maybeUploadFailedSarif(config, repositoryNwo, featureEnablement, logger) {
-    var _a;
-    if (!config.codeQLCmd) {
-        return { upload_failed_run_skipped_because: "CodeQL command not found" };
-    }
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-    if (!(await featureEnablement.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
-        return { upload_failed_run_skipped_because: "Feature disabled" };
-    }
-    const workflow = await (0, workflow_1.getWorkflow)();
-    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
-    const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
-    if ((0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix) !== "true" ||
-        (0, util_1.isInTestMode)()) {
-        return { upload_failed_run_skipped_because: "SARIF upload is disabled" };
-    }
-    const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
-    const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
-    const sarifFile = "../codeql-failed-run.sarif";
-    await codeql.diagnosticsExport(sarifFile, category);
-    core.info(`Uploading failed SARIF file ${sarifFile}`);
-    const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger);
-    await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
-    return (_a = uploadResult === null || uploadResult === void 0 ? void 0 : uploadResult.statusReport) !== null && _a !== void 0 ? _a : {};
-}
-async function tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger) {
-    if (process.env[shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
-        try {
-            return await maybeUploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
-        }
-        catch (e) {
-            logger.debug(`Failed to upload a SARIF file for this failed CodeQL code scanning run. ${e}`);
-            return createFailedUploadFailedSarifResult(e);
-        }
-    }
-    else {
-        return {
-            upload_failed_run_skipped_because: "Analyze Action completed successfully",
-        };
-    }
-}
-exports.tryUploadSarifIfRunFailed = tryUploadSarifIfRunFailed;
-async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, featureEnablement, logger) {
+const logging_1 = require("./logging");
+async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs) {
+    const logger = (0, logging_1.getActionsLogger)();
    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
    if (config === undefined) {
        logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
-        return;
-    }
-    const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger);
-    if (uploadFailedSarifResult.upload_failed_run_skipped_because) {
-        logger.debug("Won't upload a failed SARIF file for this CodeQL code scanning run because: " +
-            `${uploadFailedSarifResult.upload_failed_run_skipped_because}.`);
-    }
-    // Throw an error if in integration tests, we expected to upload a SARIF file for a failed run
-    // but we didn't upload anything.
-    if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true" &&
-        !uploadFailedSarifResult.raw_upload_size_bytes) {
-        throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
-            `but the result was instead ${uploadFailedSarifResult}.`);
    }
    // Upload appropriate Actions artifacts for debugging
-    if (config.debugMode) {
+    if (config === null || config === void 0 ? void 0 : config.debugMode) {
        core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
        await uploadDatabaseBundleDebugArtifact(config, logger);
        await uploadLogsDebugArtifact(config);
        await printDebugLogs(config);
    }
-    return uploadFailedSarifResult;
 }
 exports.run = run;
 //# sourceMappingURL=init-action-post-helper.js.map
@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IACE,CAAC,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAChC,uBAAO,CAAC,wBAAwB,EAChC,MAAM,CACP,CAAC,EACF;QACA,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,MAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,YAAY,mCAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;IACF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AApDD,kBAoDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB;IAExB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;AACH,CAAC;AAxBD,kBAwBC"}
@@ -24,21 +24,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
-const actionsUtil = __importStar(require("./actions-util"));
-const codeql = __importStar(require("./codeql"));
 const configUtils = __importStar(require("./config-utils"));
-const feature_flags_1 = require("./feature-flags");
 const initActionPostHelper = __importStar(require("./init-action-post-helper"));
-const logging_1 = require("./logging");
-const repository_1 = require("./repository");
 const testing_utils_1 = require("./testing-utils");
-const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-const workflow = __importStar(require("./workflow"));
 (0, testing_utils_1.setupTests)(ava_1.default);
 (0, ava_1.default)("post: init action with debug mode off", async (t) => {
    return await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
        process.env["RUNNER_TEMP"] = tmpDir;
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
@@ -52,7 +44,7 @@ const workflow = __importStar(require("./workflow"));
        const uploadDatabaseBundleSpy = sinon.spy();
        const uploadLogsSpy = sinon.spy();
        const printDebugLogsSpy = sinon.spy();
-        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy);
        t.assert(uploadDatabaseBundleSpy.notCalled);
        t.assert(uploadLogsSpy.notCalled);
        t.assert(printDebugLogsSpy.notCalled);
@@ -60,7 +52,6 @@ const workflow = __importStar(require("./workflow"));
 });
 (0, ava_1.default)("post: init action with debug mode on", async (t) => {
    return await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
        process.env["RUNNER_TEMP"] = tmpDir;
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
@@ -74,193 +65,10 @@ const workflow = __importStar(require("./workflow"));
        const uploadDatabaseBundleSpy = sinon.spy();
        const uploadLogsSpy = sinon.spy();
        const printDebugLogsSpy = sinon.spy();
-        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy);
        t.assert(uploadDatabaseBundleSpy.called);
        t.assert(uploadLogsSpy.called);
        t.assert(printDebugLogsSpy.called);
    });
 });
-(0, ava_1.default)("uploads failed SARIF run for typical workflow", async (t) => {
-    const actionsWorkflow = createTestWorkflow([
-        {
-            name: "Checkout repository",
-            uses: "actions/checkout@v3",
-        },
-        {
-            name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
-            with: {
-                languages: "javascript",
-            },
-        },
-        {
-            name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
-            with: {
-                category: "my-category",
-            },
-        },
-    ]);
-    await testFailedSarifUpload(t, actionsWorkflow, { category: "my-category" });
-});
-(0, ava_1.default)("doesn't upload failed SARIF for workflow with upload: false", async (t) => {
-    const actionsWorkflow = createTestWorkflow([
-        {
-            name: "Checkout repository",
-            uses: "actions/checkout@v3",
-        },
-        {
-            name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
-            with: {
-                languages: "javascript",
-            },
-        },
-        {
-            name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
-            with: {
-                category: "my-category",
-                upload: false,
-            },
-        },
-    ]);
-    const result = await testFailedSarifUpload(t, actionsWorkflow, {
-        expectUpload: false,
-    });
-    t.is(result.upload_failed_run_skipped_because, "SARIF upload is disabled");
-});
-(0, ava_1.default)("uploading failed SARIF run succeeds when workflow uses an input with a matrix var", async (t) => {
-    const actionsWorkflow = createTestWorkflow([
-        {
-            name: "Checkout repository",
-            uses: "actions/checkout@v3",
-        },
-        {
-            name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
-            with: {
-                languages: "javascript",
-            },
-        },
-        {
-            name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
-            with: {
-                category: "/language:${{ matrix.language }}",
-            },
-        },
-    ]);
-    await testFailedSarifUpload(t, actionsWorkflow, {
-        category: "/language:csharp",
-        matrix: { language: "csharp" },
-    });
-});
-(0, ava_1.default)("uploading failed SARIF run fails when workflow uses a complex upload input", async (t) => {
-    const actionsWorkflow = createTestWorkflow([
-        {
-            name: "Checkout repository",
-            uses: "actions/checkout@v3",
-        },
-        {
-            name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
-            with: {
-                languages: "javascript",
-            },
-        },
-        {
-            name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
-            with: {
-                upload: "${{ matrix.language != 'csharp' }}",
-            },
-        },
-    ]);
-    const result = await testFailedSarifUpload(t, actionsWorkflow, {
-        expectUpload: false,
-    });
-    t.is(result.upload_failed_run_error, "Could not get upload input to github/codeql-action/analyze since it contained an " +
-        "unrecognized dynamic value.");
-});
-(0, ava_1.default)("uploading failed SARIF run fails when workflow does not reference github/codeql-action", async (t) => {
-    const actionsWorkflow = createTestWorkflow([
-        {
-            name: "Checkout repository",
-            uses: "actions/checkout@v3",
-        },
-    ]);
-    const result = await testFailedSarifUpload(t, actionsWorkflow, {
-        expectUpload: false,
-    });
-    t.is(result.upload_failed_run_error, "Could not get upload input to github/codeql-action/analyze since the analyze job does not " +
-        "call github/codeql-action/analyze.");
-    t.truthy(result.upload_failed_run_stack_trace);
-});
-function createTestWorkflow(steps) {
-    return {
-        name: "CodeQL",
-        on: {
-            push: {
-                branches: ["main"],
-            },
-            pull_request: {
-                branches: ["main"],
-            },
-        },
-        jobs: {
-            analyze: {
-                name: "CodeQL Analysis",
-                "runs-on": "ubuntu-latest",
-                steps,
-            },
-        },
-    };
-}
-async function testFailedSarifUpload(t, actionsWorkflow, { category, expectUpload = true, matrix = {}, } = {}) {
-    const config = {
-        codeQLCmd: "codeql",
-        debugMode: true,
-        languages: [],
-        packs: [],
-    };
-    process.env["GITHUB_JOB"] = "analyze";
-    process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
-    process.env["GITHUB_WORKSPACE"] =
-        "/home/runner/work/codeql-action/codeql-action";
-    sinon
-        .stub(actionsUtil, "getRequiredInput")
-        .withArgs("matrix")
-        .returns(JSON.stringify(matrix));
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
-    const diagnosticsExportStub = sinon.stub(codeqlObject, "diagnosticsExport");
-    sinon.stub(workflow, "getWorkflow").resolves(actionsWorkflow);
-    const uploadFromActions = sinon.stub(uploadLib, "uploadFromActions");
-    uploadFromActions.resolves({
-        sarifID: "42",
-        statusReport: { raw_upload_size_bytes: 20, zipped_upload_size_bytes: 10 },
-    });
-    const waitForProcessing = sinon.stub(uploadLib, "waitForProcessing");
-    const result = await initActionPostHelper.tryUploadSarifIfRunFailed(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.UploadFailedSarifEnabled]), (0, logging_1.getRunnerLogger)(true));
-    if (expectUpload) {
-        t.deepEqual(result, {
-            raw_upload_size_bytes: 20,
-            zipped_upload_size_bytes: 10,
-        });
-    }
-    if (expectUpload) {
-        t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category), `Actual args were: ${diagnosticsExportStub.args}`);
-        t.true(uploadFromActions.calledOnceWith(sinon.match.string, sinon.match.string, category, sinon.match.any), `Actual args were: ${uploadFromActions.args}`);
-        t.true(waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
-            isUnsuccessfulExecution: true,
-        }));
-    }
-    else {
-        t.true(diagnosticsExportStub.notCalled);
-        t.true(uploadFromActions.notCalled);
-        t.true(waitForProcessing.notCalled);
-    }
-    return result;
-}
 //# sourceMappingURL=init-action-post-helper.test.js.map
@@ -25,37 +25,17 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const actions_util_1 = require("./actions-util");
-const api_client_1 = require("./api-client");
+const actionsUtil = __importStar(require("./actions-util"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const feature_flags_1 = require("./feature-flags");
 const initActionPostHelper = __importStar(require("./init-action-post-helper"));
-const logging_1 = require("./logging");
-const repository_1 = require("./repository");
-const util_1 = require("./util");
 async function runWrapper() {
-    const startedAt = new Date();
-    let uploadFailedSarifResult;
    try {
-        const logger = (0, logging_1.getActionsLogger)();
-        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
-        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
-        uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actions_util_1.printDebugLogs, repositoryNwo, features, logger);
+        await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actionsUtil.printDebugLogs);
    }
-    catch (e) {
-        core.setFailed(e instanceof Error ? e.message : String(e));
-        console.log(e);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init-post", (0, actions_util_1.getActionsStatus)(e), startedAt, String(e), e instanceof Error ? e.stack : undefined));
-        return;
+    catch (error) {
+        core.setFailed(`init post-action step failed: ${error}`);
+        console.log(error);
    }
-    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init-post", "success", startedAt);
-    const statusReport = {
-        ...statusReportBase,
-        ...uploadFailedSarifResult,
-    };
-    await (0, actions_util_1.sendStatusReport)(statusReport);
 }
 void runWrapper();
 //# sourceMappingURL=init-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAAwE;AAMxE,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,CAAC,CAAC,EACnB,SAAS,EACT,MAAM,CAAC,CAAC,CAAC,EACT,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACzC,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,4DAA8C;AAC9C,kEAAoD;AACpD,gFAAkE;AAElE,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,oBAAoB,CAAC,GAAG,CAC5B,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,WAAW,CAAC,cAAc,CAC3B,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
@@ -31,7 +31,6 @@ const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
-const workflow_1 = require("./workflow");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 async function sendSuccessStatusReport(startedAt, config, toolsVersion, logger) {
@@ -75,7 +74,7 @@ async function sendSuccessStatusReport(startedAt, config, toolsVersion, logger)
 async function run() {
    const startedAt = new Date();
    const logger = (0, logging_1.getActionsLogger)();
-    (0, util_1.initializeEnvironment)(pkg.version);
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
    await (0, util_1.checkActionVersion)(pkg.version);
    let config;
    let codeql;
@@ -86,20 +85,19 @@ async function run() {
        url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
        apiURL: (0, util_1.getRequiredEnvParam)("GITHUB_API_URL"),
    };
-    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-    (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+    const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
+    (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger, util_1.Mode.actions);
    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
+    const features = new feature_flags_1.Features(gitHubVersion, apiDetails, repositoryNwo, logger);
    try {
-        const workflowErrors = await (0, workflow_1.validateWorkflow)();
+        const workflowErrors = await (0, actions_util_1.validateWorkflow)();
        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {
            return;
        }
-        const defaultCliVersion = await features.getDefaultCliVersion(gitHubVersion.type);
-        const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, await (0, util_1.shouldBypassToolcache)(features, (0, actions_util_1.getOptionalInput)("tools"), (0, actions_util_1.getOptionalInput)("languages"), repositoryNwo, logger), defaultCliVersion, logger);
+        const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, features, logger);
        codeql = initCodeQLResult.codeql;
        toolsVersion = initCodeQLResult.toolsVersion;
-        await (0, util_1.enrichEnvironment)(codeql);
+        await (0, util_1.enrichEnvironment)(util_1.Mode.actions, codeql);
        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), (0, actions_util_1.getOptionalInput)("registries"), (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), await getTrapCachingEnabled(features), 
        // Debug mode is enabled if:
        // - The `init` Action is passed `debug: true`.
@@ -139,12 +137,8 @@ async function run() {
        core.exportVariable("CODEQL_RAM", process.env["CODEQL_RAM"] ||
            (0, util_1.getMemoryFlagValue)((0, actions_util_1.getOptionalInput)("ram")).toString());
        core.exportVariable("CODEQL_THREADS", (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
-        // Disable Kotlin extractor if feature flag set
-        if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
-            core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
-        }
        const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
-        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", features, logger);
+        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", undefined, features, logger);
        if (tracerConfig !== undefined) {
            for (const [key, value] of Object.entries(tracerConfig.env)) {
                core.exportVariable(key, value);
@@ -183,7 +177,6 @@ async function runWrapper() {
        core.setFailed(`init action failed: ${error}`);
        console.log(error);
    }
-    await (0, util_1.checkForTimeout)();
 }
 void runWrapper();
 //# sourceMappingURL=init-action.js.map
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Henry Mercer	d559e4df65	Add setup Go	2022-11-15 20:25:05 +00:00
Henry Mercer	9684086377	Turn off fast fail for debugging	2022-11-15 19:44:08 +00:00