Specify Accept header for toolcache.downloadTool

2026-05-10 07:40:28 +00:00 · 2025-09-17 18:36:30 +01:00
72 changed files with 700 additions and 766 deletions
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -1,449 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pr-checks/sync.sh
-# to regenerate this file.
-
-name: Manual Check - all
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    paths:
-      - .github/workflows/__all.yml
-  workflow_dispatch:
-    inputs:
-      go-version:
-        type: string
-        description: The version of Go to install
-        required: false
-        default: '>=1.21.0'
-      java-version:
-        type: string
-        description: The version of Java to install
-        required: false
-        default: '17'
-  workflow_call:
-    inputs:
-      go-version:
-        type: string
-        description: The version of Go to install
-        required: false
-        default: '>=1.21.0'
-      java-version:
-        type: string
-        description: The version of Java to install
-        required: false
-        default: '17'
-jobs:
-  all-platform-bundle:
-    name: All-platform bundle
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__all-platform-bundle.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  analyze-ref-input:
-    name: "Analyze: 'ref' and 'sha' from inputs"
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__analyze-ref-input.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  autobuild-action:
-    name: autobuild-action
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__autobuild-action.yml
-    with: {}
-  autobuild-direct-tracing-with-working-dir:
-    name: Autobuild direct tracing (custom working directory)
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
-    with:
-      java-version: ${{ inputs.java-version }}
-  autobuild-direct-tracing:
-    name: Autobuild direct tracing
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__autobuild-direct-tracing.yml
-    with:
-      java-version: ${{ inputs.java-version }}
-  build-mode-autobuild:
-    name: Build mode autobuild
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__build-mode-autobuild.yml
-    with: {}
-  build-mode-manual:
-    name: Build mode manual
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__build-mode-manual.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  build-mode-none:
-    name: Build mode none
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__build-mode-none.yml
-    with: {}
-  build-mode-rollback:
-    name: Build mode rollback
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__build-mode-rollback.yml
-    with: {}
-  bundle-toolcache:
-    name: 'Bundle: Caching checks'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__bundle-toolcache.yml
-    with: {}
-  bundle-zstd:
-    name: 'Bundle: Zstandard checks'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__bundle-zstd.yml
-    with: {}
-  cleanup-db-cluster-dir:
-    name: Clean up database cluster directory
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__cleanup-db-cluster-dir.yml
-    with: {}
-  config-export:
-    name: Config export
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__config-export.yml
-    with: {}
-  config-input:
-    name: Config input
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__config-input.yml
-    with: {}
-  cpp-deptrace-disabled:
-    name: 'C/C++: disabling autoinstalling dependencies (Linux)'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__cpp-deptrace-disabled.yml
-    with: {}
-  cpp-deptrace-enabled-on-macos:
-    name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__cpp-deptrace-enabled-on-macos.yml
-    with: {}
-  cpp-deptrace-enabled:
-    name: 'C/C++: autoinstalling dependencies (Linux)'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__cpp-deptrace-enabled.yml
-    with: {}
-  diagnostics-export:
-    name: Diagnostic export
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__diagnostics-export.yml
-    with: {}
-  export-file-baseline-information:
-    name: Export file baseline information
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__export-file-baseline-information.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  extractor-ram-threads:
-    name: Extractor ram and threads options test
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__extractor-ram-threads.yml
-    with: {}
-  go-custom-queries:
-    name: 'Go: Custom queries'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-custom-queries.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  go-indirect-tracing-workaround-diagnostic:
-    name: 'Go: diagnostic when Go is changed after init step'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  go-indirect-tracing-workaround-no-file-program:
-    name: 'Go: diagnostic when `file` is not installed'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  go-indirect-tracing-workaround:
-    name: 'Go: workaround for indirect tracing'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-indirect-tracing-workaround.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  go-tracing-autobuilder:
-    name: 'Go: tracing with autobuilder step'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-tracing-autobuilder.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  go-tracing-custom-build-steps:
-    name: 'Go: tracing with custom build steps'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-tracing-custom-build-steps.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  go-tracing-legacy-workflow:
-    name: 'Go: tracing with legacy workflow'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__go-tracing-legacy-workflow.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  init-with-registries:
-    name: 'Packaging: Download using registries'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__init-with-registries.yml
-    with: {}
-  javascript-source-root:
-    name: Custom source root
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__javascript-source-root.yml
-    with: {}
-  job-run-uuid-sarif:
-    name: Job run UUID added to SARIF
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__job-run-uuid-sarif.yml
-    with: {}
-  language-aliases:
-    name: Language aliases
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__language-aliases.yml
-    with: {}
-  multi-language-autodetect:
-    name: Multi-language repository
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__multi-language-autodetect.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  overlay-init-fallback:
-    name: Overlay database init fallback
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__overlay-init-fallback.yml
-    with: {}
-  packaging-codescanning-config-inputs-js:
-    name: 'Packaging: Config and input passed to the CLI'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__packaging-codescanning-config-inputs-js.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  packaging-config-inputs-js:
-    name: 'Packaging: Config and input'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__packaging-config-inputs-js.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  packaging-config-js:
-    name: 'Packaging: Config file'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__packaging-config-js.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  packaging-inputs-js:
-    name: 'Packaging: Action input'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__packaging-inputs-js.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  quality-queries:
-    name: Quality queries input
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__quality-queries.yml
-    with: {}
-  remote-config:
-    name: Remote config file
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__remote-config.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  resolve-environment-action:
-    name: Resolve environment
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__resolve-environment-action.yml
-    with: {}
-  rubocop-multi-language:
-    name: RuboCop multi-language
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__rubocop-multi-language.yml
-    with: {}
-  ruby:
-    name: Ruby analysis
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__ruby.yml
-    with: {}
-  rust:
-    name: Rust analysis
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__rust.yml
-    with: {}
-  split-workflow:
-    name: Split workflow
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__split-workflow.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  start-proxy:
-    name: Start proxy
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__start-proxy.yml
-    with: {}
-  submit-sarif-failure:
-    name: Submit SARIF after failure
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__submit-sarif-failure.yml
-    with: {}
-  swift-autobuild:
-    name: Swift analysis using autobuild
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__swift-autobuild.yml
-    with: {}
-  swift-custom-build:
-    name: Swift analysis using a custom build command
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__swift-custom-build.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  test-autobuild-working-dir:
-    name: Autobuild working directory
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__test-autobuild-working-dir.yml
-    with: {}
-  test-local-codeql:
-    name: Local CodeQL bundle
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__test-local-codeql.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  test-proxy:
-    name: Proxy test
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__test-proxy.yml
-    with: {}
-  unset-environment:
-    name: Test unsetting environment variables
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__unset-environment.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  upload-quality-sarif:
-    name: 'Upload-sarif: code quality endpoint'
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__upload-quality-sarif.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  upload-ref-sha-input:
-    name: "Upload-sarif: 'ref' and 'sha' from inputs"
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__upload-ref-sha-input.yml
-    with:
-      go-version: ${{ inputs.go-version }}
-  with-checkout-path:
-    name: Use a custom `checkout_path`
-    permissions:
-      contents: read
-      security-events: read
-    uses: ./.github/workflows/__with-checkout-path.yml
-    with:
-      go-version: ${{ inputs.go-version }}
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -18,13 +18,6 @@ on:
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
-  workflow_call:
-    inputs:
-      go-version:
-        type: string
-        description: The version of Go to install
-        required: false
-        default: '>=1.21.0'
 jobs:
  go-custom-queries:
    name: 'Go: Custom queries'
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -63,8 +73,10 @@ jobs:
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
-          languages: csharp,java,javascript,python
-          analysis-kinds: code-quality
+          languages: cpp,csharp,java,javascript,python
+          config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
+            github.sha }}
+          analysis-kinds: code-scanning,code-quality
      - name: Build code
        run: ./build.sh
  # Generate some SARIF we can upload with the upload-sarif step
@@ -74,12 +86,8 @@ jobs:
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          upload: never
      - uses: ./../action/upload-sarif
-        id: upload-sarif
        with:
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-      - name: Check output from `upload-sarif` step
-        if: fromJSON(steps.upload-sarif.outputs.sarif-ids)[0].analysis != 'code-quality'
-        run: exit 1
    env:
      CODEQL_ACTION_TEST_MODE: true
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -8,6 +8,16 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch:
@@ -31,7 +31,7 @@ jobs:
        run: git config --global core.autocrlf false

      - uses: actions/checkout@v5
-
+      
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
@@ -70,12 +70,6 @@ jobs:
          sarif_file: eslint.sarif
          category: eslint

-  pr-checks:
-    name: "Run all PR checks"
-    needs:
-      - unit-tests
-    uses: ./.github/workflows/__all.yml
-
  check-node-version:
    if: github.event.pull_request
    name: Check Action Node versions
@@ -58,7 +58,7 @@ inputs:
    # If changing this, make sure to update workflow.ts accordingly.
    default: ${{ github.workspace }}
  ref:
-    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks. Expected format: refs/heads/<branch name>, refs/tags/<tag>, refs/pull/<number>/merge, or refs/pull/<number>/head."
+    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks."
    required: false
  sha:
    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
@@ -89754,7 +89754,7 @@ async function tryGetFolderBytes(cacheDir, logger, quiet = false) {
  }
 }
 var hadTimeout = false;
-async function waitForResultWithTimeLimit(timeoutMs, promise, onTimeout) {
+async function withTimeout(timeoutMs, promise, onTimeout) {
  let finished2 = false;
  const mainTask = async () => {
    const result = await promise;
@@ -90872,7 +90872,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }
 var CACHE_VERSION = 1;
 var CACHE_PREFIX = "codeql-overlay-base-database";
-var MAX_CACHE_OPERATION_MS = 6e5;
+var MAX_CACHE_OPERATION_MS = 12e4;
 function checkOverlayBaseDatabase(config, logger, warningPrefix) {
  const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
  if (!fs6.existsSync(baseDatabaseOidsFilePath)) {
@@ -90940,7 +90940,7 @@ async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
    `Uploading overlay-base database to Actions cache with key ${cacheSaveKey}`
  );
  try {
-    const cacheId = await waitForResultWithTimeLimit(
+    const cacheId = await withTimeout(
      MAX_CACHE_OPERATION_MS,
      actionsCache.saveCache([dbLocation], cacheSaveKey),
      () => {
@@ -91498,7 +91498,7 @@ async function uploadTrapCaches(codeql, config, logger) {
      process.env.GITHUB_SHA || "unknown"
    );
    logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-    await waitForResultWithTimeLimit(
+    await withTimeout(
      MAX_CACHE_OPERATION_MS2,
      actionsCache2.saveCache([cacheDir], key),
      () => {
@@ -85619,7 +85619,7 @@ async function tryGetFolderBytes(cacheDir, logger, quiet = false) {
  }
 }
 var hadTimeout = false;
-async function waitForResultWithTimeLimit(timeoutMs, promise, onTimeout) {
+async function withTimeout(timeoutMs, promise, onTimeout) {
  let finished2 = false;
  const mainTask = async () => {
    const result = await promise;
@@ -86478,7 +86478,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }
 var CACHE_VERSION = 1;
 var CACHE_PREFIX = "codeql-overlay-base-database";
-var MAX_CACHE_OPERATION_MS = 6e5;
+var MAX_CACHE_OPERATION_MS = 12e4;
 function checkOverlayBaseDatabase(config, logger, warningPrefix) {
  const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
  if (!fs6.existsSync(baseDatabaseOidsFilePath)) {
@@ -86521,39 +86521,9 @@ async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) {
  let databaseDownloadDurationMs = 0;
  try {
    const databaseDownloadStart = performance.now();
-    const foundKey = await waitForResultWithTimeLimit(
-      // This ten-minute limit for the cache restore operation is mainly to
-      // guard against the possibility that the cache service is unresponsive
-      // and hangs outside the data download.
-      //
-      // Data download (which is normally the most time-consuming part of the
-      // restore operation) should not run long enough to hit this limit. Even
-      // for an extremely large 10GB database, at a download speed of 40MB/s
-      // (see below), the download should complete within five minutes. If we
-      // do hit this limit, there are likely more serious problems other than
-      // mere slow download speed.
-      //
-      // This is important because we don't want any ongoing file operations
-      // on the database directory when we do hit this limit. Hitting this
-      // time limit takes us to a fallback path where we re-initialize the
-      // database from scratch at dbLocation, and having the cache restore
-      // operation continue to write into dbLocation in the background would
-      // really mess things up. We want to hit this limit only in the case
-      // of a hung cache service, not just slow download speed.
+    const foundKey = await withTimeout(
      MAX_CACHE_OPERATION_MS,
-      actionsCache.restoreCache(
-        [dbLocation],
-        cacheRestoreKeyPrefix,
-        void 0,
-        {
-          // Azure SDK download (which is the default) uses 128MB segments; see
-          // https://github.com/actions/toolkit/blob/main/packages/cache/README.md.
-          // Setting segmentTimeoutInMs to 3000 translates to segment download
-          // speed of about 40 MB/s, which should be achievable unless the
-          // download is unreliable (in which case we do want to abort).
-          segmentTimeoutInMs: 3e3
-        }
-      ),
+      actionsCache.restoreCache([dbLocation], cacheRestoreKeyPrefix),
      () => {
        logger.info("Timed out downloading overlay-base database from cache");
      }
@@ -87136,7 +87106,7 @@ async function downloadTrapCaches(codeql, languages, logger) {
    logger.info(
      `Looking in Actions cache for TRAP cache with key ${preferredKey}`
    );
-    const found = await waitForResultWithTimeLimit(
+    const found = await withTimeout(
      MAX_CACHE_OPERATION_MS2,
      actionsCache2.restoreCache([cacheDir], preferredKey, [
        // Fall back to any cache with the right key prefix
@@ -49682,7 +49682,14 @@ async function getProxyBinaryPath(logger) {
  const proxyInfo = await getDownloadUrl(logger);
  let proxyBin = toolcache.find(proxyFileName, proxyInfo.version);
  if (!proxyBin) {
-    const temp = await toolcache.downloadTool(proxyInfo.url);
+    const temp = await toolcache.downloadTool(
+      proxyInfo.url,
+      void 0,
+      void 0,
+      {
+        accept: "application/octet-stream"
+      }
+    );
    const extracted = await toolcache.extractTar(temp);
    proxyBin = await toolcache.cacheDir(
      extracted,
@@ -92985,6 +92985,23 @@ function findSarifFilesInDir(sarifPath, isSarif) {
  walkSarifFiles(sarifPath);
  return sarifFiles;
 }
+function getSarifFilePaths(sarifPath, isSarif) {
+  if (!fs14.existsSync(sarifPath)) {
+    throw new ConfigurationError(`Path does not exist: ${sarifPath}`);
+  }
+  let sarifFiles;
+  if (fs14.lstatSync(sarifPath).isDirectory()) {
+    sarifFiles = findSarifFilesInDir(sarifPath, isSarif);
+    if (sarifFiles.length === 0) {
+      throw new ConfigurationError(
+        `No SARIF files found to upload in "${sarifPath}".`
+      );
+    }
+  } else {
+    sarifFiles = [sarifPath];
+  }
+  return sarifFiles;
+}
 function countResultsInSarif(sarif) {
  let numResults = 0;
  const parsedSarif = JSON.parse(sarif);
@@ -93080,6 +93097,20 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
  }
  return payloadObj;
 }
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
+  const sarifPaths = getSarifFilePaths(
+    inputSarifPath,
+    uploadTarget.sarifPredicate
+  );
+  return uploadSpecifiedFiles(
+    sarifPaths,
+    checkoutPath,
+    category,
+    features,
+    logger,
+    uploadTarget
+  );
+}
 async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
  logger.startGroup(`Uploading ${uploadTarget.name} results`);
  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
@@ -93327,30 +93358,6 @@ function filterAlertsByDiffRange(logger, sarif) {
 }

 // src/upload-sarif-action.ts
-async function findAndUpload(logger, features, sarifPath, pathStats, checkoutPath, analysis, category) {
-  let sarifFiles;
-  if (pathStats.isDirectory()) {
-    sarifFiles = findSarifFilesInDir(
-      sarifPath,
-      analysis.sarifPredicate
-    );
-  } else if (pathStats.isFile() && analysis.sarifPredicate(sarifPath)) {
-    sarifFiles = [sarifPath];
-  } else {
-    return void 0;
-  }
-  if (sarifFiles.length !== 0) {
-    return await uploadSpecifiedFiles(
-      sarifFiles,
-      checkoutPath,
-      category,
-      features,
-      logger,
-      analysis
-    );
-  }
-  return void 0;
-}
 async function sendSuccessStatusReport(startedAt, uploadStats, logger) {
  const statusReportBase = await createStatusReportBase(
    "upload-sarif" /* UploadSarif */,
@@ -93397,59 +93404,41 @@ async function run() {
    const sarifPath = getRequiredInput("sarif_file");
    const checkoutPath = getRequiredInput("checkout_path");
    const category = getOptionalInput("category");
-    const pathStats = fs15.lstatSync(sarifPath, { throwIfNoEntry: false });
-    if (pathStats === void 0) {
-      throw new ConfigurationError(`Path does not exist: ${sarifPath}.`);
-    }
-    const sarifIds = [];
-    const uploadResult = await findAndUpload(
-      logger,
-      features,
+    const uploadResult = await uploadFiles(
      sarifPath,
-      pathStats,
      checkoutPath,
-      CodeScanning,
-      category
-    );
-    if (uploadResult !== void 0) {
-      core13.setOutput("sarif-id", uploadResult.sarifID);
-      sarifIds.push({
-        analysis: "code-scanning" /* CodeScanning */,
-        id: uploadResult.sarifID
-      });
-    }
-    const qualityUploadResult = await findAndUpload(
-      logger,
+      category,
      features,
-      sarifPath,
-      pathStats,
-      checkoutPath,
-      CodeQuality,
-      fixCodeQualityCategory(logger, category)
+      logger,
+      CodeScanning
    );
-    if (qualityUploadResult !== void 0) {
-      sarifIds.push({
-        analysis: "code-quality" /* CodeQuality */,
-        id: qualityUploadResult.sarifID
-      });
-    }
-    core13.setOutput("sarif-ids", JSON.stringify(sarifIds));
-    if (isInTestMode()) {
-      core13.debug("In test mode. Waiting for processing is disabled.");
-    } else if (getRequiredInput("wait-for-processing") === "true") {
-      if (uploadResult !== void 0) {
-        await waitForProcessing(
-          getRepositoryNwo(),
-          uploadResult.sarifID,
-          logger
+    core13.setOutput("sarif-id", uploadResult.sarifID);
+    if (fs15.lstatSync(sarifPath).isDirectory()) {
+      const qualitySarifFiles = findSarifFilesInDir(
+        sarifPath,
+        CodeQuality.sarifPredicate
+      );
+      if (qualitySarifFiles.length !== 0) {
+        await uploadSpecifiedFiles(
+          qualitySarifFiles,
+          checkoutPath,
+          fixCodeQualityCategory(logger, category),
+          features,
+          logger,
+          CodeQuality
        );
      }
    }
-    await sendSuccessStatusReport(
-      startedAt,
-      uploadResult?.statusReport || {},
-      logger
-    );
+    if (isInTestMode()) {
+      core13.debug("In test mode. Waiting for processing is disabled.");
+    } else if (getRequiredInput("wait-for-processing") === "true") {
+      await waitForProcessing(
+        getRepositoryNwo(),
+        uploadResult.sarifID,
+        logger
+      );
+    }
+    await sendSuccessStatusReport(startedAt, uploadResult.statusReport, logger);
  } catch (unwrappedError) {
    const error2 = isThirdPartyAnalysis("upload-sarif" /* UploadSarif */) && unwrappedError instanceof InvalidSarifUploadError ? new ConfigurationError(unwrappedError.message) : wrapError(unwrappedError);
    const message = error2.message;
@@ -6,8 +6,9 @@ steps:
  - uses: ./../action/init
    with:
      tools: ${{ steps.prepare-test.outputs.tools-url }}
-      languages: csharp,java,javascript,python
-      analysis-kinds: code-quality
+      languages: cpp,csharp,java,javascript,python
+      config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
+      analysis-kinds: code-scanning,code-quality
  - name: Build code
    run: ./build.sh
  # Generate some SARIF we can upload with the upload-sarif step
@@ -17,10 +18,6 @@ steps:
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      upload: never
  - uses: ./../action/upload-sarif
-    id: upload-sarif
    with:
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
-  - name: "Check output from `upload-sarif` step"
-    if: fromJSON(steps.upload-sarif.outputs.sarif-ids)[0].analysis != 'code-quality'
-    run: exit 1
@@ -231,13 +231,6 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
        checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True
    checkName = file.stem

-    # Add this check to the collection of all PR checks.
-    collections.setdefault("all", []).append({
-        'specification': checkSpecification,
-        'checkName': checkName,
-        'inputs': workflowInputs
-    })
-
    # If this check belongs to a named collection, record it.
    if 'collection' in checkSpecification:
        collection_name = checkSpecification['collection']
@@ -257,6 +250,12 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
                'GO111MODULE': 'auto'
            },
            'on': {
+                'push': {
+                    'branches': ['main', 'releases/v*']
+                },
+                'pull_request': {
+                    'types': ["opened", "synchronize", "reopened", "ready_for_review"]
+                },
                'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}],
                'workflow_dispatch': {
                    'inputs': workflowInputs
@@ -325,9 +324,6 @@ for collection_name in collections:
                'workflow_dispatch': {
                    'inputs': combinedInputs
                },
-                'workflow_call': {
-                    'inputs': combinedInputs
-                }
            },
            'jobs': jobs
        }, output_stream)
@@ -10,11 +10,7 @@ import { type CodeQL } from "./codeql";
 import { type Config } from "./config-utils";
 import { getCommitOid, getFileOidsUnderPath } from "./git-utils";
 import { Logger, withGroupAsync } from "./logging";
-import {
-  isInTestMode,
-  tryGetFolderBytes,
-  waitForResultWithTimeLimit,
-} from "./util";
+import { isInTestMode, tryGetFolderBytes, withTimeout } from "./util";

 export enum OverlayDatabaseMode {
  Overlay = "overlay",
@@ -158,12 +154,7 @@ function computeChangedFiles(
 // Constants for database caching
 const CACHE_VERSION = 1;
 const CACHE_PREFIX = "codeql-overlay-base-database";
-
-// The purpose of this ten-minute limit is to guard against the possibility
-// that the cache service is unresponsive, which would otherwise cause the
-// entire action to hang.  Normally we expect cache operations to complete
-// within two minutes.
-const MAX_CACHE_OPERATION_MS = 600_000;
+const MAX_CACHE_OPERATION_MS = 120_000; // Two minutes

 /**
 * Checks that the overlay-base database is valid by checking for the
@@ -277,7 +268,7 @@ export async function uploadOverlayBaseDatabaseToCache(
  );

  try {
-    const cacheId = await waitForResultWithTimeLimit(
+    const cacheId = await withTimeout(
      MAX_CACHE_OPERATION_MS,
      actionsCache.saveCache([dbLocation], cacheSaveKey),
      () => {},
@@ -355,39 +346,9 @@ export async function downloadOverlayBaseDatabaseFromCache(
  let databaseDownloadDurationMs = 0;
  try {
    const databaseDownloadStart = performance.now();
-    const foundKey = await waitForResultWithTimeLimit(
-      // This ten-minute limit for the cache restore operation is mainly to
-      // guard against the possibility that the cache service is unresponsive
-      // and hangs outside the data download.
-      //
-      // Data download (which is normally the most time-consuming part of the
-      // restore operation) should not run long enough to hit this limit. Even
-      // for an extremely large 10GB database, at a download speed of 40MB/s
-      // (see below), the download should complete within five minutes. If we
-      // do hit this limit, there are likely more serious problems other than
-      // mere slow download speed.
-      //
-      // This is important because we don't want any ongoing file operations
-      // on the database directory when we do hit this limit. Hitting this
-      // time limit takes us to a fallback path where we re-initialize the
-      // database from scratch at dbLocation, and having the cache restore
-      // operation continue to write into dbLocation in the background would
-      // really mess things up. We want to hit this limit only in the case
-      // of a hung cache service, not just slow download speed.
+    const foundKey = await withTimeout(
      MAX_CACHE_OPERATION_MS,
-      actionsCache.restoreCache(
-        [dbLocation],
-        cacheRestoreKeyPrefix,
-        undefined,
-        {
-          // Azure SDK download (which is the default) uses 128MB segments; see
-          // https://github.com/actions/toolkit/blob/main/packages/cache/README.md.
-          // Setting segmentTimeoutInMs to 3000 translates to segment download
-          // speed of about 40 MB/s, which should be achievable unless the
-          // download is unreliable (in which case we do want to abort).
-          segmentTimeoutInMs: 3000,
-        },
-      ),
+      actionsCache.restoreCache([dbLocation], cacheRestoreKeyPrefix),
      () => {
        logger.info("Timed out downloading overlay-base database from cache");
      },
@@ -192,7 +192,14 @@ async function getProxyBinaryPath(logger: Logger): Promise<string> {

  let proxyBin = toolcache.find(proxyFileName, proxyInfo.version);
  if (!proxyBin) {
-    const temp = await toolcache.downloadTool(proxyInfo.url);
+    const temp = await toolcache.downloadTool(
+      proxyInfo.url,
+      undefined,
+      undefined,
+      {
+        accept: "application/octet-stream",
+      },
+    );
    const extracted = await toolcache.extractTar(temp);
    proxyBin = await toolcache.cacheDir(
      extracted,
@@ -16,7 +16,7 @@ import {
  getErrorMessage,
  isHTTPError,
  tryGetFolderBytes,
-  waitForResultWithTimeLimit,
+  withTimeout,
 } from "./util";

 // This constant should be bumped if we make a breaking change
@@ -96,7 +96,7 @@ export async function downloadTrapCaches(
    logger.info(
      `Looking in Actions cache for TRAP cache with key ${preferredKey}`,
    );
-    const found = await waitForResultWithTimeLimit(
+    const found = await withTimeout(
      MAX_CACHE_OPERATION_MS,
      actionsCache.restoreCache([cacheDir], preferredKey, [
        // Fall back to any cache with the right key prefix
@@ -156,7 +156,7 @@ export async function uploadTrapCaches(
      process.env.GITHUB_SHA || "unknown",
    );
    logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-    await waitForResultWithTimeLimit(
+    await withTimeout(
      MAX_CACHE_OPERATION_MS,
      actionsCache.saveCache([cacheDir], key),
      () => {
@@ -32,55 +32,6 @@ interface UploadSarifStatusReport
  extends StatusReportBase,
    upload_lib.UploadStatusReport {}

-/**
- * Searches for SARIF files for the given `analysis` in the given `sarifPath`.
- * If any are found, then they are uploaded to the appropriate endpoint for the given `analysis`.
- *
- * @param logger The logger to use.
- * @param features Information about FFs.
- * @param sarifPath The path to a SARIF file or directory containing SARIF files.
- * @param pathStats Information about `sarifPath`.
- * @param checkoutPath The checkout path.
- * @param analysis The configuration of the analysis we should upload SARIF files for.
- * @param category The SARIF category to use for the upload.
- * @returns The result of uploading the SARIF file(s) or `undefined` if there are none.
- */
-async function findAndUpload(
-  logger: Logger,
-  features: Features,
-  sarifPath: string,
-  pathStats: fs.Stats,
-  checkoutPath: string,
-  analysis: analyses.AnalysisConfig,
-  category?: string,
-): Promise<upload_lib.UploadResult | undefined> {
-  let sarifFiles: string[] | undefined;
-
-  if (pathStats.isDirectory()) {
-    sarifFiles = upload_lib.findSarifFilesInDir(
-      sarifPath,
-      analysis.sarifPredicate,
-    );
-  } else if (pathStats.isFile() && analysis.sarifPredicate(sarifPath)) {
-    sarifFiles = [sarifPath];
-  } else {
-    return undefined;
-  }
-
-  if (sarifFiles.length !== 0) {
-    return await upload_lib.uploadSpecifiedFiles(
-      sarifFiles,
-      checkoutPath,
-      category,
-      features,
-      logger,
-      analysis,
-    );
-  }
-
-  return undefined;
-}
-
 async function sendSuccessStatusReport(
  startedAt: Date,
  uploadStats: upload_lib.UploadStatusReport,
@@ -135,71 +86,54 @@ async function run() {
  }

  try {
-    // `sarifPath` can either be a path to a single file, or a path to a directory.
    const sarifPath = actionsUtil.getRequiredInput("sarif_file");
    const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
    const category = actionsUtil.getOptionalInput("category");
-    const pathStats = fs.lstatSync(sarifPath, { throwIfNoEntry: false });

-    if (pathStats === undefined) {
-      throw new ConfigurationError(`Path does not exist: ${sarifPath}.`);
-    }
-
-    const sarifIds: Array<{ analysis: string; id: string }> = [];
-    const uploadResult = await findAndUpload(
-      logger,
-      features,
+    const uploadResult = await upload_lib.uploadFiles(
      sarifPath,
-      pathStats,
      checkoutPath,
-      analyses.CodeScanning,
      category,
+      features,
+      logger,
+      analyses.CodeScanning,
    );
-    if (uploadResult !== undefined) {
-      core.setOutput("sarif-id", uploadResult.sarifID);
-      sarifIds.push({
-        analysis: analyses.AnalysisKind.CodeScanning,
-        id: uploadResult.sarifID,
-      });
-    }
+    core.setOutput("sarif-id", uploadResult.sarifID);

    // If there are `.quality.sarif` files in `sarifPath`, then upload those to the code quality service.
-    const qualityUploadResult = await findAndUpload(
-      logger,
-      features,
-      sarifPath,
-      pathStats,
-      checkoutPath,
-      analyses.CodeQuality,
-      actionsUtil.fixCodeQualityCategory(logger, category),
-    );
-    if (qualityUploadResult !== undefined) {
-      sarifIds.push({
-        analysis: analyses.AnalysisKind.CodeQuality,
-        id: qualityUploadResult.sarifID,
-      });
+    // Code quality can currently only be enabled on top of security, so we'd currently always expect to
+    // have a directory for the results here.
+    if (fs.lstatSync(sarifPath).isDirectory()) {
+      const qualitySarifFiles = upload_lib.findSarifFilesInDir(
+        sarifPath,
+        analyses.CodeQuality.sarifPredicate,
+      );
+
+      if (qualitySarifFiles.length !== 0) {
+        await upload_lib.uploadSpecifiedFiles(
+          qualitySarifFiles,
+          checkoutPath,
+          actionsUtil.fixCodeQualityCategory(logger, category),
+          features,
+          logger,
+          analyses.CodeQuality,
+        );
+      }
    }
-    core.setOutput("sarif-ids", JSON.stringify(sarifIds));

    // We don't upload results in test mode, so don't wait for processing
    if (isInTestMode()) {
      core.debug("In test mode. Waiting for processing is disabled.");
    } else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
-      if (uploadResult !== undefined) {
-        await upload_lib.waitForProcessing(
-          getRepositoryNwo(),
-          uploadResult.sarifID,
-          logger,
-        );
-      }
+      await upload_lib.waitForProcessing(
+        getRepositoryNwo(),
+        uploadResult.sarifID,
+        logger,
+      );
      // The code quality service does not currently have an endpoint to wait for SARIF processing,
      // so we can't wait for that here.
    }
-    await sendSuccessStatusReport(
-      startedAt,
-      uploadResult?.statusReport || {},
-      logger,
-    );
+    await sendSuccessStatusReport(startedAt, uploadResult.statusReport, logger);
  } catch (unwrappedError) {
    const error =
      isThirdPartyAnalysis(ActionName.UploadSarif) &&
@@ -297,7 +297,7 @@ test("listFolder", async (t) => {
 const longTime = 999_999;
 const shortTime = 10;

-test("waitForResultWithTimeLimit on long task", async (t) => {
+test("withTimeout on long task", async (t) => {
  let longTaskTimedOut = false;
  const longTask = new Promise((resolve) => {
    const timer = setTimeout(() => {
@@ -305,43 +305,35 @@ test("waitForResultWithTimeLimit on long task", async (t) => {
    }, longTime);
    t.teardown(() => clearTimeout(timer));
  });
-  const result = await util.waitForResultWithTimeLimit(
-    shortTime,
-    longTask,
-    () => {
-      longTaskTimedOut = true;
-    },
-  );
+  const result = await util.withTimeout(shortTime, longTask, () => {
+    longTaskTimedOut = true;
+  });
  t.deepEqual(longTaskTimedOut, true);
  t.deepEqual(result, undefined);
 });

-test("waitForResultWithTimeLimit on short task", async (t) => {
+test("withTimeout on short task", async (t) => {
  let shortTaskTimedOut = false;
  const shortTask = new Promise((resolve) => {
    setTimeout(() => {
      resolve(99);
    }, shortTime);
  });
-  const result = await util.waitForResultWithTimeLimit(
-    longTime,
-    shortTask,
-    () => {
-      shortTaskTimedOut = true;
-    },
-  );
+  const result = await util.withTimeout(longTime, shortTask, () => {
+    shortTaskTimedOut = true;
+  });
  t.deepEqual(shortTaskTimedOut, false);
  t.deepEqual(result, 99);
 });

-test("waitForResultWithTimeLimit doesn't call callback if promise resolves", async (t) => {
+test("withTimeout doesn't call callback if promise resolves", async (t) => {
  let shortTaskTimedOut = false;
  const shortTask = new Promise((resolve) => {
    setTimeout(() => {
      resolve(99);
    }, shortTime);
  });
-  const result = await util.waitForResultWithTimeLimit(100, shortTask, () => {
+  const result = await util.withTimeout(100, shortTask, () => {
    shortTaskTimedOut = true;
  });
  await new Promise((r) => setTimeout(r, 200));
@@ -864,7 +864,7 @@ let hadTimeout = false;
 * @param onTimeout A callback to call if the promise times out.
 * @returns The result of the promise, or undefined if the promise times out.
 */
-export async function waitForResultWithTimeLimit<T>(
+export async function withTimeout<T>(
  timeoutMs: number,
  promise: Promise<T>,
  onTimeout: () => void,
@@ -894,7 +894,7 @@ export async function waitForResultWithTimeLimit<T>(
 * Check if the global hadTimeout variable has been set, and if so then
 * exit the process to ensure any background tasks that are still running
 * are killed. This should be called at the end of execution if the
- * `waitForResultWithTimeLimit` function has been used.
+ * `withTimeout` function has been used.
 */
 export async function checkForTimeout() {
  if (hadTimeout === true) {
@@ -14,7 +14,7 @@ inputs:
    required: false
    default: ${{ github.workspace }}
  ref:
-    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks. Expected format: refs/heads/<branch name>, refs/tags/<tag>, refs/pull/<number>/merge, or refs/pull/<number>/head."
+    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks."
    required: false
  sha:
    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
@@ -34,12 +34,7 @@ inputs:
    default: "true"
 outputs:
  sarif-id:
-    description: The ID of the uploaded Code Scanning SARIF file, if any.
-  sarif-ids:
-    description: |
-      A stringified JSON object containing the SARIF ID for each kind of analysis. For example:
-
-      { "code-scanning": "some-id", "code-quality": "some-other-id" }
+    description: The ID of the uploaded SARIF file.
 runs:
  using: node20
  main: '../lib/upload-sarif-action.js'