Mergeback v2.1.27 refs/heads/releases/v2 into main (#1289)

* Merge main into releases/v2 (#1287)

* Update changelog and version after v2.1.26

* Update checked-in dependencies

* Don't check for Go logs on failure (#1279)

* Update supported GitHub Enterprise Server versions. (#1275)

Co-authored-by: GitHub <noreply@github.com>

* TRAP Caching: Add timeouts to upload/download operations

* Add logging statements declaring state of the cli_config_file_enabled

It's possible to determine this otherwise, but this makes it easier to
spot.

* Avoid using single value as array

The user config parser in the CLI doesn't yet support it.

* Extract logging statements to separate function

* Correctly report CodeQL version when using cache (#1259)

* Correctly report CodeQL version when using cache

* Add JS generated files

* Add test for return value of `setupCodeQL`

* Fill in missing return value comment

* Convert "Invalid source root" errors to UserErrors

* Add changelog note for Go extraction reconciliation (#1286)

* Add changelog note for Go extraction reconciliation

* Update CHANGELOG.md

Co-authored-by: Henry Mercer <henrymercer@github.com>

* Update CHANGELOG.md

Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>

* Tweaks from PR review

Co-authored-by: Henry Mercer <henrymercer@github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>

* Update changelog for v2.1.27

Co-authored-by: github-actions[bot] <github-actions@github.com>
Co-authored-by: Chuan-kai Lin <cklin@github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Edoardo Pirovano <edoardo.pirovano@gmail.com>
Co-authored-by: Edoardo Pirovano <6748066+edoardopirovano@users.noreply.github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>

* Update changelog and version after v2.1.27

* Update checked-in dependencies

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions@github.com>
Co-authored-by: Chuan-kai Lin <cklin@github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Edoardo Pirovano <edoardo.pirovano@gmail.com>
Co-authored-by: Edoardo Pirovano <6748066+edoardopirovano@users.noreply.github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>

.github/workflows/__go-custom-queries.yml

@@ -93,4 +93,5 @@ jobs:
       env:
         TEST_MODE: true
     env:
+      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__unset-environment.yml

@@ -1,97 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
-# to regenerate this file.
-
-name: PR Check - Test unsetting environment variables
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-    - main
-    - releases/v1
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  unset-environment:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: stable-20210308
-        - os: ubuntu-latest
-          version: stable-20210319
-        - os: ubuntu-latest
-          version: stable-20210809
-        - os: ubuntu-latest
-          version: cached
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-    name: Test unsetting environment variables
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: ${{ matrix.version }}
-    - uses: ./../action/init
-      with:
-        db-location: ${{ runner.temp }}/customDbLocation
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-      env:
-        TEST_MODE: true
-    - name: Build code
-      shell: bash
-      run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
-    - uses: ./../action/analyze
-      id: analysis
-      env:
-        TEST_MODE: true
-    - shell: bash
-      run: |
-        CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
-        if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for CPP, or created it in the wrong location."
-          exit 1
-        fi
-        CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }}
-        if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for C Sharp, or created it in the wrong location."
-          exit 1
-        fi
-        GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }}
-        if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Go, or created it in the wrong location."
-          exit 1
-        fi
-        JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }}
-        if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Java, or created it in the wrong location."
-          exit 1
-        fi
-        JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }}
-        if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Javascript, or created it in the wrong location."
-          exit 1
-        fi
-        PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }}
-        if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Python, or created it in the wrong location."
-          exit 1
-        fi
-    env:
-      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/debug-artifacts-failure.yml

@@ -79,7 +79,7 @@ jobs:
                 echo "Missing database initialization logs"
                 exit 1
               fi
-              if [[ ! -d "$language/log" ]] ; then
+              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
                 echo "Missing logs for $language"
                 exit 1
               fi

.github/workflows/script/update-required-checks.sh

@@ -23,7 +23,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"
 
 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
 
 echo "$CHECKS" | jq
 

.github/workflows/unset-environment-new-cli.yml

@@ -0,0 +1,95 @@
+# See `unset-environment-old-cli.yml` for reasoning behind the separate tests.
+name: PR Check - Test unsetting environment variables for CLI version >= 2.5.1
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  unset-environment:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: Test unsetting environment variables
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        db-location: ${{ runner.temp }}/customDbLocation
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
+    - name: Build code
+      shell: bash
+      run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
+    - uses: ./../action/analyze
+      id: analysis
+      env:
+        TEST_MODE: true
+    - shell: bash
+      run: |
+        CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
+        if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
+          echo "::error::Did not create a database for CPP, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
+          exit 1
+        fi
+        CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
+        if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
+          echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
+          exit 1
+        fi
+        GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
+        if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
+          echo "::error::Did not create a database for Go, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
+          exit 1
+        fi
+        JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}"
+        if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then
+          echo "::error::Did not create a database for Java, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'"
+          exit 1
+        fi
+        JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
+        if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
+          echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
+          exit 1
+        fi
+        PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
+        if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
+          echo "::error::Did not create a database for Python, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/unset-environment-old-cli.yml

@@ -0,0 +1,89 @@
+# There was a bug, fixed in CLI v2.5.1, that didn't propagate environment
+# variables that the Java tracer needed. Here we test all languages
+# except Java for these CLI versions. In `unset-environment-new-cli.yml`
+# we test all languages for recent CLI versions.
+name: PR Check - Test unsetting environment variables for CLI version < 2.5.1
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  unset-environment:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-20210308
+        - os: ubuntu-latest
+          version: stable-20210319
+    name: Test unsetting environment variables
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        languages: csharp,cpp,go,javascript,python
+        db-location: ${{ runner.temp }}/customDbLocation
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
+    - name: Build code
+      shell: bash
+      run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
+    - uses: ./../action/analyze
+      id: analysis
+      env:
+        TEST_MODE: true
+    - shell: bash
+      run: |
+        CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
+        if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
+          echo "::error::Did not create a database for CPP, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
+          exit 1
+        fi
+        CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
+        if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
+          echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
+          exit 1
+        fi
+        GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
+        if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
+          echo "::error::Did not create a database for Go, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
+          exit 1
+        fi
+        JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
+        if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
+          echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
+          exit 1
+        fi
+        PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
+        if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
+          echo "::error::Did not create a database for Python, or created it in the wrong location." \
+            "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

CHANGELOG.md

@@ -1,5 +1,17 @@
 # CodeQL Action Changelog
 
+## [UNRELEASED]
+
+No user facing changes.
+
+## 2.1.27 - 06 Oct 2022
+
+- We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please [file an issue](https://github.com/github/codeql-action/issues) or open a private ticket with GitHub Support and request an escalation to engineering.
+
+## 2.1.26 - 29 Sep 2022
+
+- Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267)
+
 ## 2.1.25 - 21 Sep 2022
 
 - We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the `trap-caching: false` option to your workflow's `init` step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.

lib/actions-util.js

@@ -452,7 +452,7 @@ async function getRef() {
     // in actions/checkout@v1 this may not be true as it checks out the repository
     // using GITHUB_REF. There is a subtle race condition where
     // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check
-    // git git-parse GITHUB_REF == git rev-parse HEAD instead.
+    // git rev-parse GITHUB_REF == git rev-parse HEAD instead.
     const hasChangedRef = sha !== head &&
         (await (0, exports.getCommitOid)(checkoutPath, ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !== head;
     if (hasChangedRef) {

lib/analyze-action-env.test.js

@@ -52,6 +52,7 @@ const util = __importStar(require("./util"));
             gitHubVersion,
             languages: [],
             packs: [],
+            trapCaches: {},
         });
         const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
         requiredInputStub.withArgs("token").returns("fake-token");

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -52,6 +52,7 @@ const util = __importStar(require("./util"));
             gitHubVersion,
             languages: [],
             packs: [],
+            trapCaches: {},
         });
         const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
         requiredInputStub.withArgs("token").returns("fake-token");

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -163,7 +163,7 @@ async function run() {
         await runAutobuildIfLegacyGoWorkflow(config, featureFlags, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, featureFlags);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
-            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger);
+            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, featureFlags);
         }
         if (actionsUtil.getOptionalInput("cleanup-level") !== "none") {
             await (0, analyze_1.runCleanup)(config, actionsUtil.getOptionalInput("cleanup-level") || "brutal", logger);

lib/analyze.js

@@ -122,7 +122,7 @@ async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger,
     };
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger) {
+async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger, featureFlags) {
     const statusReport = {};
     let locPromise = Promise.resolve({});
     const cliCanCountBaseline = await cliCanCountLoC();
@@ -136,6 +136,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         config.paths, config.pathsIgnore, config.languages, logger);
     }
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    await util.logCodeScanningConfigInCli(codeql, featureFlags, logger);
     for (const language of config.languages) {
         const queries = config.queries[language];
         const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
@@ -147,7 +148,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             throw new Error(`Unable to analyse ${language} as no queries were selected for this language`);
         }
         try {
-            if (await util.useCodeScanningConfigInCli(codeql)) {
+            if (await util.useCodeScanningConfigInCli(codeql, featureFlags)) {
                 // If we are using the codescanning config in the CLI,
                 // much of the work needed to generate the query suites
                 // is done in the CLI. We just need to make a single

lib/analyze.test.js

@@ -30,6 +30,7 @@ const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
 const count = __importStar(require("./count-loc"));
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
@@ -131,7 +132,7 @@ const util = __importStar(require("./util"));
                 builtin: ["foo.ql"],
                 custom: [],
             };
-            const builtinStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true));
+            const builtinStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, feature_flags_1.createFeatureFlags)([]));
             const hasPacks = language in packs;
             const statusReportKeys = Object.keys(builtinStatusReport).sort();
             if (hasPacks) {
@@ -157,7 +158,7 @@ const util = __importStar(require("./util"));
                     },
                 ],
             };
-            const customStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true));
+            const customStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, feature_flags_1.createFeatureFlags)([]));
             t.deepEqual(Object.keys(customStatusReport).length, 2);
             t.true(`analyze_custom_queries_${language}_duration_ms` in customStatusReport);
             const expectedSearchPathsUsed = hasPacks

lib/codeql.js

@@ -224,7 +224,7 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
  * @param logger
  * @param checkVersion Whether to check that CodeQL CLI meets the minimum
  *        version requirement. Must be set to true outside tests.
- * @returns
+ * @returns a { CodeQL, toolsVersion } object.
  */
 async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, featureFlags, logger, checkVersion) {
     try {
@@ -267,6 +267,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, featureFlags
                     if (fs.existsSync(path.join(tmpCodeqlFolder, "pinned-version"))) {
                         logger.debug(`CodeQL in cache overriding the default ${CODEQL_BUNDLE_VERSION}`);
                         codeqlFolder = tmpCodeqlFolder;
+                        codeqlURLVersion = codeqlVersions[0];
                     }
                 }
             }
@@ -515,7 +516,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     extraArgs.push("--no-internal-use-lua-tracing");
                 }
             }
-            const configLocation = await generateCodescanningConfig(codeql, config);
+            const configLocation = await generateCodescanningConfig(codeql, config, featureFlags);
             if (configLocation) {
                 extraArgs.push(`--codescanning-config=${configLocation}`);
             }
@@ -875,9 +876,9 @@ async function runTool(cmd, args = []) {
  * @param config The configuration to use.
  * @returns the path to the generated user configuration file.
  */
-async function generateCodescanningConfig(codeql, config) {
+async function generateCodescanningConfig(codeql, config, featureFlags) {
     var _a;
-    if (!(await util.useCodeScanningConfigInCli(codeql))) {
+    if (!(await util.useCodeScanningConfigInCli(codeql, featureFlags))) {
         return;
     }
     const configLocation = path.resolve(config.tempDir, "user-config.yaml");

lib/codeql.test.js

@@ -95,7 +95,7 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
     (0, nock_1.default)(baseUrl)
         .get(relativeUrl)
         .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
-    await codeql.setupCodeQL(toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`, apiDetails !== null && apiDetails !== void 0 ? apiDetails : sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, featureFlags !== null && featureFlags !== void 0 ? featureFlags : (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+    return await codeql.setupCodeQL(toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`, apiDetails !== null && apiDetails !== void 0 ? apiDetails : sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, featureFlags !== null && featureFlags !== void 0 ? featureFlags : (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
 }
 (0, ava_1.default)("download codeql bundle cache", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
@@ -103,8 +103,9 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
         const versions = ["20200601", "20200610"];
         for (let i = 0; i < versions.length; i++) {
             const version = versions[i];
-            await mockApiAndSetupCodeQL({ version, tmpDir });
+            const codeQLConfig = await mockApiAndSetupCodeQL({ version, tmpDir });
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
+            t.deepEqual(codeQLConfig.toolsVersion, version);
         }
         t.is(toolcache.findAllVersions("CodeQL").length, 2);
     });
@@ -112,26 +113,33 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
 (0, ava_1.default)("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
             version: "20200601",
             isPinned: true,
             tmpDir,
         });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await mockApiAndSetupCodeQL({ version: "20200610", tmpDir });
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const unpinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200610",
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
+        t.deepEqual(unpinnedCodeQLConfig.toolsVersion, "20200610");
     });
 });
 (0, ava_1.default)("don't download codeql bundle cache with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
             version: "20200601",
             isPinned: true,
             tmpDir,
         });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const codeQLConfig = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(codeQLConfig.toolsVersion, "0.0.0-20200601");
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 1);
     });
@@ -139,14 +147,19 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
 (0, ava_1.default)("download codeql bundle cache with different version cached (not pinned)", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({ version: "20200601", tmpDir });
+        const cachedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200601",
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await mockApiAndSetupCodeQL({
+        t.deepEqual(cachedCodeQLConfig.toolsVersion, "20200601");
+        const codeQLConfig = await mockApiAndSetupCodeQL({
             version: defaults.bundleVersion,
             tmpDir,
             apiDetails: sampleApiDetails,
             toolsInput: { input: undefined },
         });
+        t.deepEqual(codeQLConfig.toolsVersion, defaults.bundleVersion.replace("codeql-bundle-", ""));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });
@@ -154,18 +167,20 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
 (0, ava_1.default)('download codeql bundle cache with pinned different version cached if "latest" tools specified', async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
             version: "20200601",
             isPinned: true,
             tmpDir,
         });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await mockApiAndSetupCodeQL({
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const latestCodeQLConfig = await mockApiAndSetupCodeQL({
             version: defaults.bundleVersion,
             apiDetails: sampleApiDetails,
             toolsInput: { input: "latest" },
             tmpDir,
         });
+        t.deepEqual(latestCodeQLConfig.toolsVersion, defaults.bundleVersion.replace("codeql-bundle-", ""));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });

lib/config-utils.js

@@ -908,7 +908,8 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
     // When using the codescanning config in the CLI, pack downloads
     // happen in the CLI during the `database init` command, so no need
     // to download them here.
-    if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL))) {
+    await (0, util_1.logCodeScanningConfigInCli)(codeQL, featureFlags, logger);
+    if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, featureFlags))) {
         const registries = parseRegistries(registriesInput);
         await downloadPacks(codeQL, config.languages, config.packs, registries, apiDetails, config.tempDir, logger);
     }

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220908"
+    "bundleVersion": "codeql-bundle-20220923"
 }

lib/feature-flags.js

@@ -28,6 +28,7 @@ var FeatureFlag;
     FeatureFlag["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
     FeatureFlag["TrapCachingEnabled"] = "trap_caching_enabled";
     FeatureFlag["GolangExtractionReconciliationEnabled"] = "golang_extraction_reconciliation_enabled";
+    FeatureFlag["CliConfigFileEnabled"] = "cli_config_file_enabled";
 })(FeatureFlag = exports.FeatureFlag || (exports.FeatureFlag = {}));
 class GitHubFeatureFlags {
     constructor(gitHubVersion, apiDetails, repositoryNwo, logger) {

lib/feature-flags.js.map

@@ -1 +1 @@
-{"version":3,"file":"feature-flags.js","sourceRoot":"","sources":["../src/feature-flags.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,6CAA8D;AAG9D,6CAA+B;AAM/B,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,qEAAsD,CAAA;IACtD,0DAA2C,CAAA;IAC3C,iGAAkF,CAAA;AACpF,CAAC,EALW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAKtB;AAUD,MAAa,kBAAkB;IAG7B,YACU,aAAiC,EACjC,UAA4B,EAC5B,aAA4B,EAC5B,MAAc;QAHd,kBAAa,GAAb,aAAa,CAAoB;QACjC,eAAU,GAAV,UAAU,CAAkB;QAC5B,kBAAa,GAAb,aAAa,CAAe;QAC5B,WAAM,GAAN,MAAM,CAAQ;IACrB,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,IAAiB;QAC9B,oDAAoD;QACpD,IAAI,IAAI,KAAK,WAAW,CAAC,sBAAsB,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;YACtE,OAAO,KAAK,CAAC;SACd;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,IAAI,4BAA4B,CACtE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,iBAAiB,IAAI,uDAAuD,CAC7E,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;YACjC,iDAAiD;YACjD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;gBACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8DAA8D,CAC/D,CAAC;gBACF,OAAO,EAAE,CAAC;aACX;YACD,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7C,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,8DAA8D,EAC9D;oBACE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;oBAC/B,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;iBAC9B,CACF,CAAC;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC;aACtB;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;oBAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gGAAgG;wBAC9F,oEAAoE;wBACpE,qFAAqF;wBACrF,kFAAkF,CAAC,EAAE,CACxF,CAAC;iBACH;qBAAM;oBACL,uFAAuF;oBACvF,mFAAmF;oBACnF,2FAA2F;oBAC3F,qBAAqB;oBACrB,MAAM,IAAI,KAAK,CACb,4DAA4D,CAAC,EAAE,CAChE,CAAC;iBACH;aACF;QACH,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,eAAe,EAAE,CAAC,CAAC;QACxE,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QACrC,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AA5ED,gDA4EC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,YAA2B;IAC5D,OAAO;QACL,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;YACvB,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC;AAND,gDAMC"}
+{"version":3,"file":"feature-flags.js","sourceRoot":"","sources":["../src/feature-flags.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,6CAA8D;AAG9D,6CAA+B;AAM/B,IAAY,WAMX;AAND,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,qEAAsD,CAAA;IACtD,0DAA2C,CAAA;IAC3C,iGAAkF,CAAA;IAClF,+DAAgD,CAAA;AAClD,CAAC,EANW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAMtB;AAUD,MAAa,kBAAkB;IAG7B,YACU,aAAiC,EACjC,UAA4B,EAC5B,aAA4B,EAC5B,MAAc;QAHd,kBAAa,GAAb,aAAa,CAAoB;QACjC,eAAU,GAAV,UAAU,CAAkB;QAC5B,kBAAa,GAAb,aAAa,CAAe;QAC5B,WAAM,GAAN,MAAM,CAAQ;IACrB,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,IAAiB;QAC9B,oDAAoD;QACpD,IAAI,IAAI,KAAK,WAAW,CAAC,sBAAsB,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;YACtE,OAAO,KAAK,CAAC;SACd;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,IAAI,4BAA4B,CACtE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,iBAAiB,IAAI,uDAAuD,CAC7E,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;YACjC,iDAAiD;YACjD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;gBACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8DAA8D,CAC/D,CAAC;gBACF,OAAO,EAAE,CAAC;aACX;YACD,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7C,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,8DAA8D,EAC9D;oBACE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;oBAC/B,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;iBAC9B,CACF,CAAC;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC;aACtB;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;oBAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gGAAgG;wBAC9F,oEAAoE;wBACpE,qFAAqF;wBACrF,kFAAkF,CAAC,EAAE,CACxF,CAAC;iBACH;qBAAM;oBACL,uFAAuF;oBACvF,mFAAmF;oBACnF,2FAA2F;oBAC3F,qBAAqB;oBACrB,MAAM,IAAI,KAAK,CACb,4DAA4D,CAAC,EAAE,CAChE,CAAC;iBACH;aACF;QACH,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,eAAe,EAAE,CAAC,CAAC;QACxE,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QACrC,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AA5ED,gDA4EC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,YAA2B;IAC5D,OAAO;QACL,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;YACvB,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC;AAND,gDAMC"}

lib/init.js

@@ -47,7 +47,6 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
 }
 exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, processLevel, featureFlags, logger) {
-    var _a, _b;
     fs.mkdirSync(config.dbLocation, { recursive: true });
     try {
         if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
@@ -62,24 +61,41 @@ async function runInit(codeql, config, sourceRoot, processName, processLevel, fe
         }
     }
     catch (e) {
-        // Handle the situation where init is called twice
-        // for the same database in the same job.
-        if (e instanceof Error &&
-            ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
-            e.message.includes("exists and is not an empty directory.")) {
-            throw new util.UserError(`Is the "init" action called twice in the same job? ${e.message}`);
-        }
-        else if (e instanceof Error &&
-            ((_b = e.message) === null || _b === void 0 ? void 0 : _b.includes("is not compatible with this CodeQL CLI"))) {
-            throw new util.UserError(e.message);
-        }
-        else {
-            throw e;
-        }
+        throw processError(e);
     }
     return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql, await util.isGoExtractionReconciliationEnabled(featureFlags), logger);
 }
 exports.runInit = runInit;
+/**
+ * Possibly convert this error into a UserError in order to avoid
+ * counting this error towards our internal error budget.
+ *
+ * @param e The error to possibly convert to a UserError.
+ *
+ * @returns A UserError if the error is a known error that can be
+ *         attributed to the user, otherwise the original error.
+ */
+function processError(e) {
+    var _a, _b, _c, _d;
+    if (!(e instanceof Error)) {
+        return e;
+    }
+    if (
+    // Init action called twice
+    ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
+        ((_b = e.message) === null || _b === void 0 ? void 0 : _b.includes("exists and is not an empty directory."))) {
+        return new util.UserError(`Is the "init" action called twice in the same job? ${e.message}`);
+    }
+    if (
+    // Version of CodeQL CLI is incompatible with this version of the CodeQL Action
+    ((_c = e.message) === null || _c === void 0 ? void 0 : _c.includes("is not compatible with this CodeQL CLI")) ||
+        (
+        // Expected source location for database creation does not exist
+        (_d = e.message) === null || _d === void 0 ? void 0 : _d.includes("Invalid source root"))) {
+        return new util.UserError(e.message);
+    }
+    return e;
+}
 // Runs a powershell script to inject the tracer into a parent process
 // so it can tracer future processes, hopefully including the build process.
 // If processName is given then injects into the nearest parent process with

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,eAAmC,EACnC,UAA8B,EAC9B,UAA8B,EAC9B,kBAA2B,EAC3B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,eAAe,EACf,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA5CD,gCA4CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC,EAChC,YAA0B,EAC1B,MAAc;;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,MAAM,CACP,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,kDAAkD;QAClD,yCAAyC;QACzC,IACE,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,CAAA;YACnD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAC3D;YACA,MAAM,IAAI,IAAI,CAAC,SAAS,CACtB,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;SACH;aAAM,IACL,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,wCAAwC,CAAC,CAAA,EAC7D;YACA,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACrC;aAAM;YACL,MAAM,CAAC,CAAC;SACT;KACF;IACD,OAAO,MAAM,IAAA,uCAAuB,EAClC,MAAM,EACN,MAAM,EACN,MAAM,IAAI,CAAC,mCAAmC,CAAC,YAAY,CAAC,EAC5D,MAAM,CACP,CAAC;AACJ,CAAC;AA1DD,0BA0DC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;gBACpE,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAzCD,8CAyCC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,eAAmC,EACnC,UAA8B,EAC9B,UAA8B,EAC9B,kBAA2B,EAC3B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,eAAe,EACf,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA5CD,gCA4CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC,EAChC,YAA0B,EAC1B,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,MAAM,CACP,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,YAAY,CAAC,CAAC,CAAC,CAAC;KACvB;IACD,OAAO,MAAM,IAAA,uCAAuB,EAClC,MAAM,EACN,MAAM,EACN,MAAM,IAAI,CAAC,mCAAmC,CAAC,YAAY,CAAC,EAC5D,MAAM,CACP,CAAC;AACJ,CAAC;AAzCD,0BAyCC;AAED;;;;;;;;GAQG;AACH,SAAS,YAAY,CAAC,CAAM;;IAC1B,IAAI,CAAC,CAAC,CAAC,YAAY,KAAK,CAAC,EAAE;QACzB,OAAO,CAAC,CAAC;KACV;IAED;IACE,2BAA2B;IAC3B,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC;SACnD,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,uCAAuC,CAAC,CAAA,EAC5D;QACA,OAAO,IAAI,IAAI,CAAC,SAAS,CACvB,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;KACH;IAED;IACE,+EAA+E;IAC/E,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,wCAAwC,CAAC;;QAC7D,gEAAgE;QAChE,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,qBAAqB,CAAC,CAAA,EAC1C;QACA,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;KACtC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;gBACpE,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAzCD,8CAyCC"}

lib/runner.js

@@ -295,7 +295,7 @@ program
         const threads = (0, util_1.getThreadsFlag)(cmd.threads || initEnv["CODEQL_THREADS"], logger);
         const memory = (0, util_1.getMemoryFlag)(cmd.ram || initEnv["CODEQL_RAM"]);
         await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, (0, feature_flags_1.createFeatureFlags)([]));
-        await (0, analyze_1.runQueries)(outputDir, memory, (0, util_1.getAddSnippetsFlag)(cmd.addSnippets), threads, cmd.category, config, logger);
+        await (0, analyze_1.runQueries)(outputDir, memory, (0, util_1.getAddSnippetsFlag)(cmd.addSnippets), threads, cmd.category, config, logger, (0, feature_flags_1.createFeatureFlags)([]));
         if (!cmd.upload) {
             logger.info("Not uploading results");
             return;

lib/trap-caching.js

@@ -18,19 +18,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getTotalCacheSize = exports.getLanguagesSupportingCaching = exports.uploadTrapCaches = exports.downloadTrapCaches = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const util_1 = require("util");
 const cache = __importStar(require("@actions/cache"));
-const get_folder_size_1 = __importDefault(require("get-folder-size"));
 const actionsUtil = __importStar(require("./actions-util"));
 const codeql_1 = require("./codeql");
-const util_2 = require("./util");
+const util_1 = require("./util");
 // This constant should be bumped if we make a breaking change
 // to how the CodeQL Action stores or retrieves the TRAP cache,
 // and will invalidate previous caches. We don't need to bump
@@ -39,6 +34,14 @@ const util_2 = require("./util");
 const CACHE_VERSION = 1;
 // This constant sets the size of each TRAP cache in megabytes.
 const CACHE_SIZE_MB = 1024;
+// This constant sets the minimum size in megabytes of a TRAP
+// cache for us to consider it worth uploading.
+const MINIMUM_CACHE_MB_TO_UPLOAD = 10;
+// The maximum number of milliseconds to wait for TRAP cache
+// uploads or downloads to complete before continuing. Note
+// this timeout is per operation, so will be run as many
+// times as there are languages with TRAP caching enabled.
+const MAX_CACHE_OPERATION_MS = 120000; // Two minutes
 async function getTrapCachingExtractorConfigArgs(config) {
     const result = [];
     for (const language of config.languages)
@@ -97,9 +100,11 @@ async function downloadTrapCaches(codeql, languages, logger) {
         // The SHA from the base of the PR is the most similar commit we might have a cache for
         const preferredKey = await cacheKey(codeql, language, baseSha);
         logger.info(`Looking in Actions cache for TRAP cache with key ${preferredKey}`);
-        const found = await cache.restoreCache([cacheDir], preferredKey, [
+        const found = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, cache.restoreCache([cacheDir], preferredKey, [
             await cachePrefix(codeql, language), // Fall back to any cache with the right key prefix
-        ]);
+        ]), () => {
+            logger.info(`Timed out waiting for TRAP cache download for ${language}, will continue without it`);
+        });
         if (found === undefined) {
             // We didn't find a TRAP cache in the Actions cache, so the directory on disk is
             // still just an empty directory. There's no reason to tell the extractor to use it,
@@ -121,23 +126,32 @@ exports.downloadTrapCaches = downloadTrapCaches;
 async function uploadTrapCaches(codeql, config, logger) {
     if (!(await actionsUtil.isAnalyzingDefaultBranch()))
         return false; // Only upload caches from the default branch
-    const toAwait = [];
     for (const language of config.languages) {
         const cacheDir = config.trapCaches[language];
         if (cacheDir === undefined)
             continue;
+        const trapFolderSize = await (0, util_1.tryGetFolderBytes)(cacheDir, logger);
+        if (trapFolderSize === undefined) {
+            logger.info(`Skipping upload of TRAP cache for ${language} as we couldn't determine its size`);
+            continue;
+        }
+        if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) {
+            logger.info(`Skipping upload of TRAP cache for ${language} as it is too small`);
+            continue;
+        }
         const key = await cacheKey(codeql, language, process.env.GITHUB_SHA || "unknown");
         logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-        toAwait.push(cache.saveCache([cacheDir], key));
+        await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, cache.saveCache([cacheDir], key), () => {
+            logger.info(`Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`);
+        });
     }
-    await Promise.all(toAwait);
     return true;
 }
 exports.uploadTrapCaches = uploadTrapCaches;
 async function getLanguagesSupportingCaching(codeql, languages, logger) {
     var _a, _b, _c, _d;
     const result = [];
-    if (!(await (0, util_2.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES)))
+    if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES)))
         return result;
     const resolveResult = await codeql.betterResolveLanguages();
     outer: for (const lang of languages) {
@@ -168,16 +182,8 @@ async function getLanguagesSupportingCaching(codeql, languages, logger) {
 }
 exports.getLanguagesSupportingCaching = getLanguagesSupportingCaching;
 async function getTotalCacheSize(trapCaches, logger) {
-    try {
-        const sizes = await Promise.all(Object.values(trapCaches).map(async (cacheDir) => {
-            return (0, util_1.promisify)(get_folder_size_1.default)(cacheDir);
-        }));
-        return sizes.reduce((a, b) => a + b, 0);
-    }
-    catch (e) {
-        logger.warning(`Encountered an error while getting TRAP cache size: ${e}`);
-        return 0;
-    }
+    const sizes = await Promise.all(Object.values(trapCaches).map((cacheDir) => (0, util_1.tryGetFolderBytes)(cacheDir, logger)));
+    return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0);
 }
 exports.getTotalCacheSize = getTotalCacheSize;
 async function cacheKey(codeql, language, baseSha) {

lib/trap-caching.test.js

@@ -164,6 +164,7 @@ function getTestConfigWithTempDir(tmpDir) {
     const loggedMessages = [];
     const logger = (0, testing_utils_1.getRecordingLogger)(loggedMessages);
     sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
+    sinon.stub(util, "tryGetFolderBytes").resolves(999999999);
     const stubSave = sinon.stub(cache, "saveCache");
     process.env.GITHUB_SHA = "somesha";
     await (0, trap_caching_1.uploadTrapCaches)(stubCodeql, testConfigWithoutTmpDir, logger);

lib/util.js

@@ -22,12 +22,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isGoExtractionReconciliationEnabled = exports.listFolder = exports.doesDirectoryExist = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.withTimeout = exports.tryGetFolderBytes = exports.isGoExtractionReconciliationEnabled = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
+const util_1 = require("util");
 const core = __importStar(require("@actions/core"));
 const del_1 = __importDefault(require("del"));
+const get_folder_size_1 = __importDefault(require("get-folder-size"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
@@ -428,7 +430,7 @@ var EnvVar;
      * the codeql-config file to the codeql CLI to be processed there.
      */
     EnvVar["CODEQL_PASS_CONFIG_TO_CLI"] = "CODEQL_PASS_CONFIG_TO_CLI";
-})(EnvVar || (EnvVar = {}));
+})(EnvVar = exports.EnvVar || (exports.EnvVar = {}));
 const exportVar = (mode, name, value) => {
     if (mode === Mode.actions) {
         core.exportVariable(name, value);
@@ -489,6 +491,9 @@ function getRequiredEnvParam(paramName) {
     return value;
 }
 exports.getRequiredEnvParam = getRequiredEnvParam;
+function getOptionalEnvParam(paramName) {
+    return process.env[paramName] || "";
+}
 class HTTPError extends Error {
     constructor(message, status) {
         super(message);
@@ -657,11 +662,32 @@ exports.isInTestMode = isInTestMode;
  * @returns true if the action should generate a conde-scanning config file
  * that gets passed to the CLI.
  */
-async function useCodeScanningConfigInCli(codeql) {
-    return (process.env[EnvVar.CODEQL_PASS_CONFIG_TO_CLI] === "true" &&
-        (await codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_CONFIG_FILES)));
+async function useCodeScanningConfigInCli(codeql, featureFlags) {
+    const envVarIsEnabled = getOptionalEnvParam(EnvVar.CODEQL_PASS_CONFIG_TO_CLI);
+    // If the user has explicitly turned off the feature, then don't use it.
+    if (envVarIsEnabled.toLocaleLowerCase() === "false") {
+        return false;
+    }
+    // If the user has explicitly turned on the feature, then use it.
+    // Or if the feature flag is enabled, then use it.
+    const isEnabled = envVarIsEnabled.toLocaleLowerCase() === "true" ||
+        (await featureFlags.getValue(feature_flags_1.FeatureFlag.CliConfigFileEnabled));
+    if (!isEnabled) {
+        return false;
+    }
+    // If the CLI version is too old, then don't use it.
+    return await codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_CONFIG_FILES);
 }
 exports.useCodeScanningConfigInCli = useCodeScanningConfigInCli;
+async function logCodeScanningConfigInCli(codeql, featureFlags, logger) {
+    if (await useCodeScanningConfigInCli(codeql, featureFlags)) {
+        logger.info("Code Scanning configuration file being processed in the codeql CLI.");
+    }
+    else {
+        logger.info("Code Scanning configuration file being processed in the codeql-action.");
+    }
+}
+exports.logCodeScanningConfigInCli = logCodeScanningConfigInCli;
 /*
  * Returns whether the path in the argument represents an existing directory.
  */
@@ -700,4 +726,41 @@ async function isGoExtractionReconciliationEnabled(featureFlags) {
         (await featureFlags.getValue(feature_flags_1.FeatureFlag.GolangExtractionReconciliationEnabled)));
 }
 exports.isGoExtractionReconciliationEnabled = isGoExtractionReconciliationEnabled;
+/**
+ * Get the size a folder in bytes. This will log any filesystem errors
+ * as a warning and then return undefined.
+ *
+ * @param cacheDir A directory to get the size of.
+ * @param logger A logger to log any errors to.
+ * @returns The size in bytes of the folder, or undefined if errors occurred.
+ */
+async function tryGetFolderBytes(cacheDir, logger) {
+    try {
+        return await (0, util_1.promisify)(get_folder_size_1.default)(cacheDir);
+    }
+    catch (e) {
+        logger.warning(`Encountered an error while getting size of folder: ${e}`);
+        return undefined;
+    }
+}
+exports.tryGetFolderBytes = tryGetFolderBytes;
+/**
+ * Run a promise for a given amount of time, and if it doesn't resolve within
+ * that time, call the provided callback and then return undefined.
+ *
+ * @param timeoutMs The timeout in milliseconds.
+ * @param promise The promise to run.
+ * @param onTimeout A callback to call if the promise times out.
+ * @returns The result of the promise, or undefined if the promise times out.
+ */
+async function withTimeout(timeoutMs, promise, onTimeout) {
+    const timeout = new Promise((resolve) => {
+        setTimeout(() => {
+            onTimeout();
+            resolve(undefined);
+        }, timeoutMs);
+    });
+    return await Promise.race([promise, timeout]);
+}
+exports.withTimeout = withTimeout;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -31,6 +31,7 @@ const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const api = __importStar(require("./api-client"));
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
@@ -361,4 +362,66 @@ for (const [version, githubVersion, shouldReportWarning,] of CHECK_ACTION_VERSIO
         ]);
     });
 });
+(0, ava_1.default)("useCodeScanningConfigInCli with no env var", async (t) => {
+    t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.0"), (0, feature_flags_1.createFeatureFlags)([]))));
+    t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.1"), (0, feature_flags_1.createFeatureFlags)([]))));
+    t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.0"), (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.CliConfigFileEnabled]))));
+    // Yay! It works!
+    t.assert(await util.useCodeScanningConfigInCli(mockVersion("2.10.1"), (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.CliConfigFileEnabled])));
+});
+for (const val of ["TRUE", "true", "True"]) {
+    (0, ava_1.default)(`useCodeScanningConfigInCli with env var ${val}`, async (t) => {
+        process.env[util.EnvVar.CODEQL_PASS_CONFIG_TO_CLI] = val;
+        t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.0"), (0, feature_flags_1.createFeatureFlags)([]))));
+        t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.0"), (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.CliConfigFileEnabled]))));
+        // Yay! It works!
+        t.assert(await util.useCodeScanningConfigInCli(mockVersion("2.10.1"), (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.CliConfigFileEnabled])));
+        t.assert(await util.useCodeScanningConfigInCli(mockVersion("2.10.1"), (0, feature_flags_1.createFeatureFlags)([])));
+    });
+}
+for (const val of ["FALSE", "false", "False"]) {
+    (0, ava_1.default)(`useCodeScanningConfigInCli with env var ${val}`, async (t) => {
+        // Never turned on when env var is false
+        process.env[util.EnvVar.CODEQL_PASS_CONFIG_TO_CLI] = val;
+        t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.0"), (0, feature_flags_1.createFeatureFlags)([]))));
+        t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.0"), (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.CliConfigFileEnabled]))));
+        t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.1"), (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.CliConfigFileEnabled]))));
+        t.assert(!(await util.useCodeScanningConfigInCli(mockVersion("2.10.1"), (0, feature_flags_1.createFeatureFlags)([]))));
+    });
+}
+function mockVersion(version) {
+    return {
+        async getVersion() {
+            return version;
+        },
+    };
+}
+const longTime = 999999;
+const shortTime = 10;
+(0, ava_1.default)("withTimeout on long task", async (t) => {
+    let longTaskTimedOut = false;
+    const longTask = new Promise((resolve) => {
+        setTimeout(() => {
+            resolve(42);
+        }, longTime);
+    });
+    const result = await util.withTimeout(shortTime, longTask, () => {
+        longTaskTimedOut = true;
+    });
+    t.deepEqual(longTaskTimedOut, true);
+    t.deepEqual(result, undefined);
+});
+(0, ava_1.default)("withTimeout on short task", async (t) => {
+    let shortTaskTimedOut = false;
+    const shortTask = new Promise((resolve) => {
+        setTimeout(() => {
+            resolve(99);
+        }, shortTime);
+    });
+    const result = await util.withTimeout(longTime, shortTask, () => {
+        shortTaskTimedOut = true;
+    });
+    t.deepEqual(shortTaskTimedOut, false);
+    t.deepEqual(result, 99);
+});
 //# sourceMappingURL=util.test.js.map

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.25",
+  "version": "2.1.28",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.1.25",
+  "version": "2.1.28",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.1.25",
+      "version": "2.1.28",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.0.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.25",
+  "version": "2.1.28",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

pr-checks/checks/go-custom-queries.yml

@@ -1,5 +1,7 @@
 name: "Go: Custom queries"
 description: "Checks that Go works in conjunction with a config file specifying custom queries"
+env: 
+  DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
 steps:
   - uses: actions/setup-go@v3
     with:

pr-checks/checks/unset-environment.yml

@@ -1,49 +0,0 @@
-name: "Test unsetting environment variables"
-description: "An end-to-end integration test that unsets some environment variables"
-os: ["ubuntu-latest"]
-steps:
-  - uses: ./../action/init
-    with:
-      db-location: "${{ runner.temp }}/customDbLocation"
-      tools: ${{ steps.prepare-test.outputs.tools-url }}
-    env:
-      TEST_MODE: true
-  - name: Build code
-    shell: bash
-    run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
-  - uses: ./../action/analyze
-    id: analysis
-    env:
-      TEST_MODE: true
-  - shell: bash
-    run: |
-      CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
-      if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-        echo "Did not create a database for CPP, or created it in the wrong location."
-        exit 1
-      fi
-      CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }}
-      if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-        echo "Did not create a database for C Sharp, or created it in the wrong location."
-        exit 1
-      fi
-      GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }}
-      if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-        echo "Did not create a database for Go, or created it in the wrong location."
-        exit 1
-      fi
-      JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }}
-      if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-        echo "Did not create a database for Java, or created it in the wrong location."
-        exit 1
-      fi
-      JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }}
-      if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-        echo "Did not create a database for Javascript, or created it in the wrong location."
-        exit 1
-      fi
-      PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }}
-      if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-        echo "Did not create a database for Python, or created it in the wrong location."
-        exit 1
-      fi

src/actions-util.ts

@@ -545,7 +545,7 @@ export async function getRef(): Promise<string> {
   // in actions/checkout@v1 this may not be true as it checks out the repository
   // using GITHUB_REF. There is a subtle race condition where
   // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check
-  // git git-parse GITHUB_REF == git rev-parse HEAD instead.
+  // git rev-parse GITHUB_REF == git rev-parse HEAD instead.
   const hasChangedRef =
     sha !== head &&
     (await getCommitOid(

src/analyze-action-env.test.ts

@@ -36,6 +36,7 @@ test("analyze action with RAM & threads from environment variables", async (t) =
       gitHubVersion,
       languages: [],
       packs: [],
+      trapCaches: {},
     } as unknown as configUtils.Config);
     const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
     requiredInputStub.withArgs("token").returns("fake-token");

src/analyze-action-input.test.ts

@@ -36,6 +36,7 @@ test("analyze action with RAM & threads from action inputs", async (t) => {
       gitHubVersion,
       languages: [],
       packs: [],
+      trapCaches: {},
     } as unknown as configUtils.Config);
     const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
     requiredInputStub.withArgs("token").returns("fake-token");

src/analyze-action.ts

@@ -245,6 +245,7 @@ async function run() {
       logger,
       featureFlags
     );
+
     if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
       runStats = await runQueries(
         outputDir,
@@ -253,7 +254,8 @@ async function run() {
         threads,
         actionsUtil.getOptionalInput("category"),
         config,
-        logger
+        logger,
+        featureFlags
       );
     }
 

src/analyze.test.ts

@@ -14,6 +14,7 @@ import {
 import { setCodeQL } from "./codeql";
 import { Config } from "./config-utils";
 import * as count from "./count-loc";
+import { createFeatureFlags } from "./feature-flags";
 import { Language } from "./languages";
 import { getRunnerLogger } from "./logging";
 import { setupTests, setupActionsVars } from "./testing-utils";
@@ -138,7 +139,8 @@ test("status report fields and search path setting", async (t) => {
         threadsFlag,
         undefined,
         config,
-        getRunnerLogger(true)
+        getRunnerLogger(true),
+        createFeatureFlags([])
       );
       const hasPacks = language in packs;
       const statusReportKeys = Object.keys(builtinStatusReport).sort();
@@ -187,7 +189,8 @@ test("status report fields and search path setting", async (t) => {
         threadsFlag,
         undefined,
         config,
-        getRunnerLogger(true)
+        getRunnerLogger(true),
+        createFeatureFlags([])
       );
       t.deepEqual(Object.keys(customStatusReport).length, 2);
       t.true(

src/analyze.ts

@@ -213,7 +213,8 @@ export async function runQueries(
   threadsFlag: string,
   automationDetailsId: string | undefined,
   config: configUtils.Config,
-  logger: Logger
+  logger: Logger,
+  featureFlags: FeatureFlags
 ): Promise<QueriesStatusReport> {
   const statusReport: QueriesStatusReport = {};
 
@@ -238,6 +239,9 @@ export async function runQueries(
   }
 
   const codeql = await getCodeQL(config.codeQLCmd);
+
+  await util.logCodeScanningConfigInCli(codeql, featureFlags, logger);
+
   for (const language of config.languages) {
     const queries = config.queries[language];
     const queryFilters = validateQueryFilters(
@@ -256,7 +260,7 @@ export async function runQueries(
     }
 
     try {
-      if (await util.useCodeScanningConfigInCli(codeql)) {
+      if (await util.useCodeScanningConfigInCli(codeql, featureFlags)) {
         // If we are using the codescanning config in the CLI,
         // much of the work needed to generate the query suites
         // is done in the CLI. We just need to make a single

src/codeql.test.ts

@@ -81,7 +81,7 @@ async function mockApiAndSetupCodeQL({
   tmpDir: string;
   toolsInput?: { input?: string };
   version: string;
-}) {
+}): Promise<{ codeql: codeql.CodeQL; toolsVersion: string }> {
   const platform =
     process.platform === "win32"
       ? "win64"
@@ -104,7 +104,7 @@ async function mockApiAndSetupCodeQL({
       )
     );
 
-  await codeql.setupCodeQL(
+  return await codeql.setupCodeQL(
     toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`,
     apiDetails ?? sampleApiDetails,
     tmpDir,
@@ -124,8 +124,9 @@ test("download codeql bundle cache", async (t) => {
     for (let i = 0; i < versions.length; i++) {
       const version = versions[i];
 
-      await mockApiAndSetupCodeQL({ version, tmpDir });
+      const codeQLConfig = await mockApiAndSetupCodeQL({ version, tmpDir });
       t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
+      t.deepEqual(codeQLConfig.toolsVersion, version);
     }
 
     t.is(toolcache.findAllVersions("CodeQL").length, 2);
@@ -136,15 +137,20 @@ test("download codeql bundle cache explicitly requested with pinned different ve
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({
+    const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
       version: "20200601",
       isPinned: true,
       tmpDir,
     });
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
 
-    await mockApiAndSetupCodeQL({ version: "20200610", tmpDir });
+    const unpinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+      version: "20200610",
+      tmpDir,
+    });
     t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
+    t.deepEqual(unpinnedCodeQLConfig.toolsVersion, "20200610");
   });
 });
 
@@ -152,15 +158,16 @@ test("don't download codeql bundle cache with pinned different version cached",
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({
+    const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
       version: "20200601",
       isPinned: true,
       tmpDir,
     });
 
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
 
-    await codeql.setupCodeQL(
+    const codeQLConfig = await codeql.setupCodeQL(
       undefined,
       sampleApiDetails,
       tmpDir,
@@ -169,6 +176,7 @@ test("don't download codeql bundle cache with pinned different version cached",
       getRunnerLogger(true),
       false
     );
+    t.deepEqual(codeQLConfig.toolsVersion, "0.0.0-20200601");
 
     const cachedVersions = toolcache.findAllVersions("CodeQL");
 
@@ -180,16 +188,24 @@ test("download codeql bundle cache with different version cached (not pinned)",
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({ version: "20200601", tmpDir });
+    const cachedCodeQLConfig = await mockApiAndSetupCodeQL({
+      version: "20200601",
+      tmpDir,
+    });
 
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(cachedCodeQLConfig.toolsVersion, "20200601");
 
-    await mockApiAndSetupCodeQL({
+    const codeQLConfig = await mockApiAndSetupCodeQL({
       version: defaults.bundleVersion,
       tmpDir,
       apiDetails: sampleApiDetails,
       toolsInput: { input: undefined },
     });
+    t.deepEqual(
+      codeQLConfig.toolsVersion,
+      defaults.bundleVersion.replace("codeql-bundle-", "")
+    );
 
     const cachedVersions = toolcache.findAllVersions("CodeQL");
 
@@ -201,20 +217,25 @@ test('download codeql bundle cache with pinned different version cached if "late
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({
+    const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
       version: "20200601",
       isPinned: true,
       tmpDir,
     });
 
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
 
-    await mockApiAndSetupCodeQL({
+    const latestCodeQLConfig = await mockApiAndSetupCodeQL({
       version: defaults.bundleVersion,
       apiDetails: sampleApiDetails,
       toolsInput: { input: "latest" },
       tmpDir,
     });
+    t.deepEqual(
+      latestCodeQLConfig.toolsVersion,
+      defaults.bundleVersion.replace("codeql-bundle-", "")
+    );
 
     const cachedVersions = toolcache.findAllVersions("CodeQL");
 

src/codeql.ts

@@ -421,7 +421,7 @@ async function getCodeQLBundleDownloadURL(
  * @param logger
  * @param checkVersion Whether to check that CodeQL CLI meets the minimum
  *        version requirement. Must be set to true outside tests.
- * @returns
+ * @returns a { CodeQL, toolsVersion } object.
  */
 export async function setupCodeQL(
   codeqlURL: string | undefined,
@@ -479,6 +479,7 @@ export async function setupCodeQL(
               `CodeQL in cache overriding the default ${CODEQL_BUNDLE_VERSION}`
             );
             codeqlFolder = tmpCodeqlFolder;
+            codeqlURLVersion = codeqlVersions[0];
           }
         }
       }
@@ -819,7 +820,11 @@ async function getCodeQLForCmd(
         }
       }
 
-      const configLocation = await generateCodescanningConfig(codeql, config);
+      const configLocation = await generateCodescanningConfig(
+        codeql,
+        config,
+        featureFlags
+      );
       if (configLocation) {
         extraArgs.push(`--codescanning-config=${configLocation}`);
       }
@@ -1269,9 +1274,10 @@ async function runTool(cmd: string, args: string[] = []) {
  */
 async function generateCodescanningConfig(
   codeql: CodeQL,
-  config: Config
+  config: Config,
+  featureFlags: FeatureFlags
 ): Promise<string | undefined> {
-  if (!(await util.useCodeScanningConfigInCli(codeql))) {
+  if (!(await util.useCodeScanningConfigInCli(codeql, featureFlags))) {
     return;
   }
   const configLocation = path.resolve(config.tempDir, "user-config.yaml");

src/config-utils.ts

@@ -24,6 +24,7 @@ import {
   codeQlVersionAbove,
   getMlPoweredJsQueriesPack,
   GitHubVersion,
+  logCodeScanningConfigInCli,
   ML_POWERED_JS_QUERIES_PACK_NAME,
   useCodeScanningConfigInCli,
 } from "./util";
@@ -1704,7 +1705,9 @@ export async function initConfig(
   // When using the codescanning config in the CLI, pack downloads
   // happen in the CLI during the `database init` command, so no need
   // to download them here.
-  if (!(await useCodeScanningConfigInCli(codeQL))) {
+  await logCodeScanningConfigInCli(codeQL, featureFlags, logger);
+
+  if (!(await useCodeScanningConfigInCli(codeQL, featureFlags))) {
     const registries = parseRegistries(registriesInput);
     await downloadPacks(
       codeQL,

src/defaults.json

@@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20220908"
+  "bundleVersion": "codeql-bundle-20220923"
 }

src/feature-flags.ts

@@ -12,6 +12,7 @@ export enum FeatureFlag {
   MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
   TrapCachingEnabled = "trap_caching_enabled",
   GolangExtractionReconciliationEnabled = "golang_extraction_reconciliation_enabled",
+  CliConfigFileEnabled = "cli_config_file_enabled",
 }
 
 /**

src/init.ts

@@ -117,24 +117,7 @@ export async function runInit(
       }
     }
   } catch (e) {
-    // Handle the situation where init is called twice
-    // for the same database in the same job.
-    if (
-      e instanceof Error &&
-      e.message?.includes("Refusing to create databases") &&
-      e.message.includes("exists and is not an empty directory.")
-    ) {
-      throw new util.UserError(
-        `Is the "init" action called twice in the same job? ${e.message}`
-      );
-    } else if (
-      e instanceof Error &&
-      e.message?.includes("is not compatible with this CodeQL CLI")
-    ) {
-      throw new util.UserError(e.message);
-    } else {
-      throw e;
-    }
+    throw processError(e);
   }
   return await getCombinedTracerConfig(
     config,
@@ -144,6 +127,42 @@ export async function runInit(
   );
 }
 
+/**
+ * Possibly convert this error into a UserError in order to avoid
+ * counting this error towards our internal error budget.
+ *
+ * @param e The error to possibly convert to a UserError.
+ *
+ * @returns A UserError if the error is a known error that can be
+ *         attributed to the user, otherwise the original error.
+ */
+function processError(e: any): Error {
+  if (!(e instanceof Error)) {
+    return e;
+  }
+
+  if (
+    // Init action called twice
+    e.message?.includes("Refusing to create databases") &&
+    e.message?.includes("exists and is not an empty directory.")
+  ) {
+    return new util.UserError(
+      `Is the "init" action called twice in the same job? ${e.message}`
+    );
+  }
+
+  if (
+    // Version of CodeQL CLI is incompatible with this version of the CodeQL Action
+    e.message?.includes("is not compatible with this CodeQL CLI") ||
+    // Expected source location for database creation does not exist
+    e.message?.includes("Invalid source root")
+  ) {
+    return new util.UserError(e.message);
+  }
+
+  return e;
+}
+
 // Runs a powershell script to inject the tracer into a parent process
 // so it can tracer future processes, hopefully including the build process.
 // If processName is given then injects into the nearest parent process with

src/runner.ts

@@ -517,7 +517,8 @@ program
         threads,
         cmd.category,
         config,
-        logger
+        logger,
+        createFeatureFlags([])
       );
 
       if (!cmd.upload) {

src/trap-caching.test.ts

@@ -165,6 +165,7 @@ test("upload cache key contains right fields", async (t) => {
   const loggedMessages = [];
   const logger = getRecordingLogger(loggedMessages);
   sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
+  sinon.stub(util, "tryGetFolderBytes").resolves(999_999_999);
   const stubSave = sinon.stub(cache, "saveCache");
   process.env.GITHUB_SHA = "somesha";
   await uploadTrapCaches(stubCodeql, testConfigWithoutTmpDir, logger);

src/trap-caching.ts

@@ -1,16 +1,14 @@
 import * as fs from "fs";
 import * as path from "path";
-import { promisify } from "util";
 
 import * as cache from "@actions/cache";
-import getFolderSize from "get-folder-size";
 
 import * as actionsUtil from "./actions-util";
 import { CodeQL, CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES } from "./codeql";
 import { Config } from "./config-utils";
 import { Language } from "./languages";
 import { Logger } from "./logging";
-import { codeQlVersionAbove } from "./util";
+import { codeQlVersionAbove, tryGetFolderBytes, withTimeout } from "./util";
 
 // This constant should be bumped if we make a breaking change
 // to how the CodeQL Action stores or retrieves the TRAP cache,
@@ -22,6 +20,16 @@ const CACHE_VERSION = 1;
 // This constant sets the size of each TRAP cache in megabytes.
 const CACHE_SIZE_MB = 1024;
 
+// This constant sets the minimum size in megabytes of a TRAP
+// cache for us to consider it worth uploading.
+const MINIMUM_CACHE_MB_TO_UPLOAD = 10;
+
+// The maximum number of milliseconds to wait for TRAP cache
+// uploads or downloads to complete before continuing. Note
+// this timeout is per operation, so will be run as many
+// times as there are languages with TRAP caching enabled.
+const MAX_CACHE_OPERATION_MS = 120_000; // Two minutes
+
 export async function getTrapCachingExtractorConfigArgs(
   config: Config
 ): Promise<string[]> {
@@ -105,9 +113,17 @@ export async function downloadTrapCaches(
     logger.info(
       `Looking in Actions cache for TRAP cache with key ${preferredKey}`
     );
-    const found = await cache.restoreCache([cacheDir], preferredKey, [
-      await cachePrefix(codeql, language), // Fall back to any cache with the right key prefix
-    ]);
+    const found = await withTimeout(
+      MAX_CACHE_OPERATION_MS,
+      cache.restoreCache([cacheDir], preferredKey, [
+        await cachePrefix(codeql, language), // Fall back to any cache with the right key prefix
+      ]),
+      () => {
+        logger.info(
+          `Timed out waiting for TRAP cache download for ${language}, will continue without it`
+        );
+      }
+    );
     if (found === undefined) {
       // We didn't find a TRAP cache in the Actions cache, so the directory on disk is
       // still just an empty directory. There's no reason to tell the extractor to use it,
@@ -134,19 +150,38 @@ export async function uploadTrapCaches(
 ): Promise<boolean> {
   if (!(await actionsUtil.isAnalyzingDefaultBranch())) return false; // Only upload caches from the default branch
 
-  const toAwait: Array<Promise<number>> = [];
   for (const language of config.languages) {
     const cacheDir = config.trapCaches[language];
     if (cacheDir === undefined) continue;
+    const trapFolderSize = await tryGetFolderBytes(cacheDir, logger);
+    if (trapFolderSize === undefined) {
+      logger.info(
+        `Skipping upload of TRAP cache for ${language} as we couldn't determine its size`
+      );
+      continue;
+    }
+    if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1_048_576) {
+      logger.info(
+        `Skipping upload of TRAP cache for ${language} as it is too small`
+      );
+      continue;
+    }
     const key = await cacheKey(
       codeql,
       language,
       process.env.GITHUB_SHA || "unknown"
     );
     logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-    toAwait.push(cache.saveCache([cacheDir], key));
+    await withTimeout(
+      MAX_CACHE_OPERATION_MS,
+      cache.saveCache([cacheDir], key),
+      () => {
+        logger.info(
+          `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`
+        );
+      }
+    );
   }
-  await Promise.all(toAwait);
   return true;
 }
 
@@ -201,17 +236,12 @@ export async function getTotalCacheSize(
   trapCaches: Partial<Record<Language, string>>,
   logger: Logger
 ): Promise<number> {
-  try {
-    const sizes = await Promise.all(
-      Object.values(trapCaches).map(async (cacheDir) => {
-        return promisify<string, number>(getFolderSize)(cacheDir);
-      })
-    );
-    return sizes.reduce((a, b) => a + b, 0);
-  } catch (e) {
-    logger.warning(`Encountered an error while getting TRAP cache size: ${e}`);
-    return 0;
-  }
+  const sizes = await Promise.all(
+    Object.values(trapCaches).map((cacheDir) =>
+      tryGetFolderBytes(cacheDir, logger)
+    )
+  );
+  return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0);
 }
 
 async function cacheKey(

src/util.test.ts

@@ -9,7 +9,9 @@ import test, { ExecutionContext } from "ava";
 import * as sinon from "sinon";
 
 import * as api from "./api-client";
+import { CodeQL } from "./codeql";
 import { Config } from "./config-utils";
+import { createFeatureFlags, FeatureFlag } from "./feature-flags";
 import { getRunnerLogger, Logger } from "./logging";
 import { setupTests } from "./testing-utils";
 import * as util from "./util";
@@ -492,3 +494,141 @@ test("listFolder", async (t) => {
     ]);
   });
 });
+
+test("useCodeScanningConfigInCli with no env var", async (t) => {
+  t.assert(
+    !(await util.useCodeScanningConfigInCli(
+      mockVersion("2.10.0"),
+      createFeatureFlags([])
+    ))
+  );
+
+  t.assert(
+    !(await util.useCodeScanningConfigInCli(
+      mockVersion("2.10.1"),
+      createFeatureFlags([])
+    ))
+  );
+
+  t.assert(
+    !(await util.useCodeScanningConfigInCli(
+      mockVersion("2.10.0"),
+      createFeatureFlags([FeatureFlag.CliConfigFileEnabled])
+    ))
+  );
+
+  // Yay! It works!
+  t.assert(
+    await util.useCodeScanningConfigInCli(
+      mockVersion("2.10.1"),
+      createFeatureFlags([FeatureFlag.CliConfigFileEnabled])
+    )
+  );
+});
+
+for (const val of ["TRUE", "true", "True"]) {
+  test(`useCodeScanningConfigInCli with env var ${val}`, async (t) => {
+    process.env[util.EnvVar.CODEQL_PASS_CONFIG_TO_CLI] = val;
+    t.assert(
+      !(await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.0"),
+        createFeatureFlags([])
+      ))
+    );
+
+    t.assert(
+      !(await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.0"),
+        createFeatureFlags([FeatureFlag.CliConfigFileEnabled])
+      ))
+    );
+
+    // Yay! It works!
+    t.assert(
+      await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.1"),
+        createFeatureFlags([FeatureFlag.CliConfigFileEnabled])
+      )
+    );
+
+    t.assert(
+      await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.1"),
+        createFeatureFlags([])
+      )
+    );
+  });
+}
+
+for (const val of ["FALSE", "false", "False"]) {
+  test(`useCodeScanningConfigInCli with env var ${val}`, async (t) => {
+    // Never turned on when env var is false
+    process.env[util.EnvVar.CODEQL_PASS_CONFIG_TO_CLI] = val;
+    t.assert(
+      !(await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.0"),
+        createFeatureFlags([])
+      ))
+    );
+
+    t.assert(
+      !(await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.0"),
+        createFeatureFlags([FeatureFlag.CliConfigFileEnabled])
+      ))
+    );
+
+    t.assert(
+      !(await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.1"),
+        createFeatureFlags([FeatureFlag.CliConfigFileEnabled])
+      ))
+    );
+
+    t.assert(
+      !(await util.useCodeScanningConfigInCli(
+        mockVersion("2.10.1"),
+        createFeatureFlags([])
+      ))
+    );
+  });
+}
+
+function mockVersion(version) {
+  return {
+    async getVersion() {
+      return version;
+    },
+  } as CodeQL;
+}
+
+const longTime = 999_999;
+const shortTime = 10;
+
+test("withTimeout on long task", async (t) => {
+  let longTaskTimedOut = false;
+  const longTask = new Promise((resolve) => {
+    setTimeout(() => {
+      resolve(42);
+    }, longTime);
+  });
+  const result = await util.withTimeout(shortTime, longTask, () => {
+    longTaskTimedOut = true;
+  });
+  t.deepEqual(longTaskTimedOut, true);
+  t.deepEqual(result, undefined);
+});
+
+test("withTimeout on short task", async (t) => {
+  let shortTaskTimedOut = false;
+  const shortTask = new Promise((resolve) => {
+    setTimeout(() => {
+      resolve(99);
+    }, shortTime);
+  });
+  const result = await util.withTimeout(longTime, shortTask, () => {
+    shortTaskTimedOut = true;
+  });
+  t.deepEqual(shortTaskTimedOut, false);
+  t.deepEqual(result, 99);
+});

src/util.ts

@@ -2,9 +2,11 @@ import * as fs from "fs";
 import * as os from "os";
 import * as path from "path";
 import { Readable } from "stream";
+import { promisify } from "util";
 
 import * as core from "@actions/core";
 import del from "del";
+import getFolderSize from "get-folder-size";
 import * as semver from "semver";
 
 import * as api from "./api-client";
@@ -487,7 +489,7 @@ export enum Mode {
  * CLI. These environment variables are relevant for both the runner
  * and the action.
  */
-enum EnvVar {
+export enum EnvVar {
   /**
    * The mode of the codeql-action, either 'actions' or 'runner'.
    */
@@ -591,6 +593,10 @@ export function getRequiredEnvParam(paramName: string): string {
   return value;
 }
 
+function getOptionalEnvParam(paramName: string): string {
+  return process.env[paramName] || "";
+}
+
 export class HTTPError extends Error {
   public status: number;
 
@@ -787,12 +793,44 @@ export function isInTestMode(): boolean {
  * that gets passed to the CLI.
  */
 export async function useCodeScanningConfigInCli(
-  codeql: CodeQL
+  codeql: CodeQL,
+  featureFlags: FeatureFlags
 ): Promise<boolean> {
-  return (
-    process.env[EnvVar.CODEQL_PASS_CONFIG_TO_CLI] === "true" &&
-    (await codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES))
-  );
+  const envVarIsEnabled = getOptionalEnvParam(EnvVar.CODEQL_PASS_CONFIG_TO_CLI);
+
+  // If the user has explicitly turned off the feature, then don't use it.
+  if (envVarIsEnabled.toLocaleLowerCase() === "false") {
+    return false;
+  }
+
+  // If the user has explicitly turned on the feature, then use it.
+  // Or if the feature flag is enabled, then use it.
+  const isEnabled =
+    envVarIsEnabled.toLocaleLowerCase() === "true" ||
+    (await featureFlags.getValue(FeatureFlag.CliConfigFileEnabled));
+
+  if (!isEnabled) {
+    return false;
+  }
+
+  // If the CLI version is too old, then don't use it.
+  return await codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES);
+}
+
+export async function logCodeScanningConfigInCli(
+  codeql: CodeQL,
+  featureFlags: FeatureFlags,
+  logger: Logger
+) {
+  if (await useCodeScanningConfigInCli(codeql, featureFlags)) {
+    logger.info(
+      "Code Scanning configuration file being processed in the codeql CLI."
+    );
+  } else {
+    logger.info(
+      "Code Scanning configuration file being processed in the codeql-action."
+    );
+  }
 }
 
 /*
@@ -836,3 +874,47 @@ export async function isGoExtractionReconciliationEnabled(
     ))
   );
 }
+
+/**
+ * Get the size a folder in bytes. This will log any filesystem errors
+ * as a warning and then return undefined.
+ *
+ * @param cacheDir A directory to get the size of.
+ * @param logger A logger to log any errors to.
+ * @returns The size in bytes of the folder, or undefined if errors occurred.
+ */
+export async function tryGetFolderBytes(
+  cacheDir: string,
+  logger: Logger
+): Promise<number | undefined> {
+  try {
+    return await promisify<string, number>(getFolderSize)(cacheDir);
+  } catch (e) {
+    logger.warning(`Encountered an error while getting size of folder: ${e}`);
+    return undefined;
+  }
+}
+
+/**
+ * Run a promise for a given amount of time, and if it doesn't resolve within
+ * that time, call the provided callback and then return undefined.
+ *
+ * @param timeoutMs The timeout in milliseconds.
+ * @param promise The promise to run.
+ * @param onTimeout A callback to call if the promise times out.
+ * @returns The result of the promise, or undefined if the promise times out.
+ */
+export async function withTimeout<T>(
+  timeoutMs: number,
+  promise: Promise<T>,
+  onTimeout: () => void
+): Promise<T | undefined> {
+  const timeout: Promise<undefined> = new Promise((resolve) => {
+    setTimeout(() => {
+      onTimeout();
+      resolve(undefined);
+    }, timeoutMs);
+  });
+
+  return await Promise.race([promise, timeout]);
+}

tests/multi-language-repo/.github/codeql/codeql-config-query-filters1.yml

@@ -3,8 +3,10 @@ name: "Check SARIF for default queries with Single include, Single exclude"
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
-    tags contain: external/cwe/cwe-022
+    tags contain:
+        - external/cwe/cwe-022
 
 # Removes js/path-injection
 - exclude:
-    id: js/path-injection
+    id:
+        - js/path-injection

tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml

@@ -10,12 +10,15 @@ packs:
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
-    tags contain: external/cwe/cwe-022
+    tags contain:
+        - external/cwe/cwe-022
 
 # Removes js/path-injection
 - exclude:
-    id: js/path-injection
+    id:
+        - js/path-injection
 
 # Query from extra pack
 - include:
-    id: javascript/example/empty-or-one-block
+    id:
+        - javascript/example/empty-or-one-block

tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml

@@ -20,16 +20,20 @@ packs:
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
-    tags contain: external/cwe/cwe-022
+    tags contain:
+      - external/cwe/cwe-022
 
 # Removes js/path-injection
 - exclude:
-    id: js/path-injection
+    id:
+      - js/path-injection
 
 # Query from extra pack
 - include:
-    id: javascript/example/empty-or-one-block
+    id:
+      - javascript/example/empty-or-one-block
 
 # Local query
 - include:
-    id: inrepo-javascript-querypack/show-ifs
+    id:
+      - inrepo-javascript-querypack/show-ifs