Merge pull request #2522 from github/update-v3.26.11-8aba5f2c4

Merge main into releases/v3
Update changelog for v3.26.11
2026-05-04 04:40:09 +00:00 · 2024-10-03 13:00:22 -07:00 · 2024-10-03 19:41:19 +00:00 · 2024-10-02 15:10:17 -07:00 · 2024-10-02 14:22:25 -07:00 · 2024-10-02 22:14:53 +01:00
10021 changed files with 2326691 additions and 139666 deletions
@@ -1,4 +0,0 @@
-**/webpack.config.js
-lib/**
-src/testdata/**
-tests/**
@@ -1,71 +0,0 @@
-
-{
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-        "project": "./tsconfig.json"
-    },
-    "plugins": ["@typescript-eslint", "filenames", "github", "import", "no-async-foreach"],
-    "extends": [
-        "eslint:recommended",
-        "plugin:@typescript-eslint/recommended",
-        "plugin:@typescript-eslint/recommended-requiring-type-checking",
-        "plugin:github/recommended",
-        "plugin:github/typescript",
-        "plugin:import/typescript"
-    ],
-    "rules": {
-        "filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
-        "i18n-text/no-en": "off",
-        "import/extensions": ["error", {
-            // Allow importing JSON files
-            "json": {}
-        }],
-        "import/no-amd": "error",
-        "import/no-commonjs": "error",
-        "import/no-cycle": "error",
-        "import/no-dynamic-require": "error",
-        // Disable the rule that checks that devDependencies aren't imported since we use a single
-        // linting configuration file for both source and test code.
-        "import/no-extraneous-dependencies": ["error", {"devDependencies": true}],
-        "import/no-namespace": "off",
-        "import/no-unresolved": "error",
-        "import/no-webpack-loader-syntax": "error",
-        "import/order": ["error", {
-            "alphabetize": {"order": "asc"},
-            "newlines-between": "always"
-        }],
-        "max-len": ["error", {
-            "code": 120,
-            "ignoreUrls": true,
-            "ignoreStrings": true,
-            "ignoreTemplateLiterals": true
-        }],
-        "no-async-foreach/no-async-foreach": "error",
-        "no-sequences": "error",
-        "no-shadow": "off",
-        "@typescript-eslint/no-shadow": "error",
-        "one-var": ["error", "never"]
-    },
-    "overrides": [{
-        // "temporarily downgraded during transition to eslint
-        "files": "**",
-        "rules": {
-            "@typescript-eslint/no-explicit-any": "off",
-            "@typescript-eslint/no-unsafe-assignment": "off",
-            "@typescript-eslint/no-unsafe-member-access": "off",
-            "@typescript-eslint/no-var-requires": "off",
-            "@typescript-eslint/prefer-regexp-exec": "off",
-            "@typescript-eslint/require-await": "off",
-            "@typescript-eslint/restrict-template-expressions": "off",
-            "func-style": "off"
-        }
-    }],
-    "settings": {
-        "import/resolver": {
-            "node": {
-                "moduleDirectory": ["node_modules", "src"]
-            },
-            "typescript": {}
-        }
-    }
-}
@@ -32,14 +32,20 @@ runs:
      run: |
        set -e # Fail this Action if `gh release list` fails.

+        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
+          extension="tar.zst"
+        else
+          extension="tar.gz"
+        fi
+
        if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then
-          artifact_name="codeql-bundle.tar.gz"
+          artifact_name="codeql-bundle.$extension"
        elif [[ "$RUNNER_OS" == "Linux" ]]; then
-          artifact_name="codeql-bundle-linux64.tar.gz"
+          artifact_name="codeql-bundle-linux64.$extension"
        elif [[ "$RUNNER_OS" == "macOS" ]]; then
-          artifact_name="codeql-bundle-osx64.tar.gz"
+          artifact_name="codeql-bundle-osx64.$extension"
        elif [[ "$RUNNER_OS" == "Windows" ]]; then
-          artifact_name="codeql-bundle-win64.tar.gz"
+          artifact_name="codeql-bundle-win64.$extension"
        else
          echo "::error::Unrecognized OS $RUNNER_OS"
          exit 1
@@ -11,7 +11,7 @@ runs:
      id: get_swift_version
      if: runner.os == 'Linux'
      shell: bash
-      env: 
+      env:
        CODEQL_PATH: ${{ inputs.codeql-path }}
      run: |
        SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
@@ -19,7 +19,7 @@ runs:
          VERSION="null"
        else
          VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/linux64/extractor" --version | awk '/version/ { print $3 }')"
-          # Specify 5.x.0, otherwise setup Action will default to latest minor version. 
+          # Specify 5.x.0, otherwise setup Action will default to latest minor version.
          if [ $VERSION = "5.7" ]; then
            VERSION="5.7.0"
          elif [ $VERSION = "5.8" ]; then
@@ -29,11 +29,11 @@ runs:
          # setup-swift does not yet support v5.9.1 Remove this when it does.
          elif [ $VERSION = "5.9.1" ]; then
            VERSION="5.9.0"
-          fi 
+          fi
        fi
        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT

-    - uses: redsun82/setup-swift@b2b6f77ab14f6a9b136b520dc53ec8eca27d2b99 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+    - uses: redsun82/setup-swift@362f49f31da2f5f4f851657046bdd1290d03edc8 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
      if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
      with:
        swift-version: "${{ steps.get_swift_version.outputs.version }}"
@@ -16,6 +16,10 @@ updates:
      # v7 requires ESM
      - dependency-name: "del"
        versions: ["^7.0.0"]
+      # This is broken due to the way configuration files have changed. 
+      # This might be fixed when we move to eslint v9.
+      - dependency-name: "eslint-plugin-import"
+        versions: [">=2.30.0"]
    groups:
      npm:
        patterns:
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -60,10 +58,9 @@ jobs:
      - id: init
        uses: ./../action/init
        with:
+      # Swift is not supported on Ubuntu so we manually exclude it from the list here
+          languages: cpp,csharp,go,java,javascript,python,ruby
          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -47,8 +47,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -47,8 +47,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -74,10 +72,6 @@ jobs:
            exit 1
          fi

-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{ steps.init.outputs.codeql-path }}
-
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -43,8 +43,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -51,8 +51,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -27,12 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-20230403
-          - os: macos-12
-            version: stable-20230403
-          - os: windows-latest
-            version: stable-20230403
          - os: ubuntu-latest
            version: linked
          - os: macos-latest
@@ -57,8 +51,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -83,17 +75,13 @@ jobs:
        env:
          CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
        run: |
-          for i in {1..2}; do
-            # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.6 that
-            # produces an invalid diagnostic with multiple identical location objects.
-            "$CODEQL_PATH" database add-diagnostic \
-              "$RUNNER_TEMP/codeql_databases/javascript" \
-              --file-path /path/to/file \
-              --plaintext-message "Plaintext message $i" \
-              --source-id "lang/diagnostics/example" \
-              --source-name "Diagnostic name" \
-              --ready-for-status-page
-          done
+          "$CODEQL_PATH" database add-diagnostic \
+            "$RUNNER_TEMP/codeql_databases/javascript" \
+            --file-path /path/to/file \
+            --plaintext-message "Plaintext message" \
+            --source-id "lang/diagnostics/example" \
+            --source-name "Diagnostic name" \
+            --ready-for-status-page
      - uses: ./../action/analyze
        with:
          output: ${{ runner.temp }}/results
@@ -113,7 +101,7 @@ jobs:
            const fs = require('fs');

            function checkStatusPageNotification(n) {
-              const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
+              const expectedMessage = 'Plaintext message';
              if (n.message.text !== expectedMessage) {
                core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
              }
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -86,7 +84,7 @@ jobs:
        run: |
          cd "$RUNNER_TEMP/results"
          expected_baseline_languages="c csharp go java kotlin javascript python ruby"
-          if [[ $RUNNER_OS != "Windows" ]]; then
+          if [[ $RUNNER_OS == "macOS" ]]; then
            expected_baseline_languages+=" swift"
          fi

@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -28,53 +28,9 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-20230403
-          - os: macos-12
-            version: stable-20230403
-          - os: windows-latest
-            version: stable-20230403
-          - os: ubuntu-latest
-            version: stable-v2.13.5
-          - os: macos-12
-            version: stable-v2.13.5
-          - os: windows-latest
-            version: stable-v2.13.5
-          - os: ubuntu-latest
-            version: stable-v2.14.6
-          - os: macos-12
-            version: stable-v2.14.6
-          - os: windows-latest
-            version: stable-v2.14.6
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: windows-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: stable-v2.16.6
-          - os: windows-latest
-            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
-          - os: ubuntu-latest
-            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
            version: linked
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: 'Go: Custom queries'
    permissions:
      contents: read
@@ -87,8 +43,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-20230403
-          - os: macos-12
-            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
+          - os: macos-latest
+            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -71,8 +71,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -89,7 +87,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
-          go-version: ~1.22.0
+          go-version: ~1.23.0
      # to avoid potentially misleading autobuilder results where we expect it to download
      # dependencies successfully, but they actually come from a warm cache
          cache: false
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-20230403
-          - os: macos-12
-            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
+          - os: macos-latest
+            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -71,8 +71,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -89,7 +87,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
-          go-version: ~1.22.0
+          go-version: ~1.23.0
      # to avoid potentially misleading autobuilder results where we expect it to download
      # dependencies successfully, but they actually come from a warm cache
          cache: false
@@ -27,10 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-20230403
-          - os: macos-12
-            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -47,6 +43,10 @@ jobs:
            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
+          - os: macos-latest
+            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -71,8 +71,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -89,7 +87,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
-          go-version: ~1.22.0
+          go-version: ~1.23.0
      # to avoid potentially misleading autobuilder results where we expect it to download
      # dependencies successfully, but they actually come from a warm cache
          cache: false
@@ -58,8 +58,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -0,0 +1,84 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Job run UUID added to SARIF
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  job-run-uuid-sarif:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: nightly-latest
+    name: Job run UUID added to SARIF
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        id: init
+        with:
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif)
+          if [[ "$actual" != "$JOB_RUN_UUID" ]]; then
+            echo "Expected SARIF output to contain job run UUID '$JOB_RUN_UUID', but found '$actual'."
+            exit 1
+          else
+            echo "Found job run UUID '$actual'."
+          fi
+    env:
+      CODEQL_ACTION_TEST_MODE: true
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -28,15 +28,25 @@ jobs:
      matrix:
        include:
          - os: macos-12
-            version: stable-20230403
-          - os: macos-12
+            version: stable-v2.13.5
+          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: stable-v2.14.6
          - os: macos-latest
            version: stable-v2.15.5
+          - os: ubuntu-latest
+            version: stable-v2.15.5
          - os: macos-latest
            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.16.6
+          - os: macos-latest
+            version: stable-v2.17.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
          - os: macos-latest
            version: default
          - os: ubuntu-latest
@@ -61,8 +71,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -85,9 +93,13 @@ jobs:
        id: init
        with:
          db-location: ${{ runner.temp }}/customDbLocation
+      # Swift is not supported on Ubuntu so we manually exclude it from the list here
+          languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby'
+            || '' }}
          tools: ${{ steps.prepare-test.outputs.tools-url }}

      - uses: ./../action/.github/actions/setup-swift
+        if: runner.os == 'macOS'
        with:
          codeql-path: ${{ steps.init.outputs.codeql-path }}

@@ -139,8 +151,8 @@ jobs:
            exit 1
          fi

-      - name: Check language autodetect for Swift
-        if: runner.os != 'Windows' && matrix.version != 'stable-20230403'
+      - name: Check language autodetect for Swift on MacOS
+        if: runner.os == 'macOS'
        shell: bash
        run: |
          SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -57,8 +57,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -57,8 +57,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -57,8 +57,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -57,8 +57,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -28,53 +28,9 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-20230403
-          - os: macos-12
-            version: stable-20230403
-          - os: windows-latest
-            version: stable-20230403
-          - os: ubuntu-latest
-            version: stable-v2.13.5
-          - os: macos-12
-            version: stable-v2.13.5
-          - os: windows-latest
-            version: stable-v2.13.5
-          - os: ubuntu-latest
-            version: stable-v2.14.6
-          - os: macos-12
-            version: stable-v2.14.6
-          - os: windows-latest
-            version: stable-v2.14.6
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: windows-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: stable-v2.16.6
-          - os: windows-latest
-            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
-          - os: ubuntu-latest
-            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
            version: linked
          - os: ubuntu-latest
            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
    name: Remote config file
    permissions:
      contents: read
@@ -87,8 +43,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -28,11 +28,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-v2.13.4
+            version: stable-v2.13.5
          - os: macos-12
-            version: stable-v2.13.4
+            version: stable-v2.13.5
          - os: windows-latest
-            version: stable-v2.13.4
+            version: stable-v2.13.5
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -63,8 +63,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -81,7 +79,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
-          languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
+          languages: ${{ matrix.version == 'stable-v2.13.5' && 'go' || 'go,javascript-typescript'
            }}
          tools: ${{ steps.prepare-test.outputs.tools-url }}

@@ -96,14 +94,14 @@ jobs:
        run: exit 1

      - name: Resolve environment for JavaScript/TypeScript
-        if: matrix.version != 'stable-v2.13.4'
+        if: matrix.version != 'stable-v2.13.5'
        uses: ./../action/resolve-environment
        id: resolve-environment-js
        with:
          language: javascript-typescript

      - name: Fail if JavaScript/TypeScript configuration present
-        if: matrix.version != 'stable-v2.13.4' && 
+        if: matrix.version != 'stable-v2.13.5' && 
          fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
        run: exit 1
    env:
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -51,8 +51,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -1,104 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Scaling reserved RAM
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  scaling-reserved-ram:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: macos-12
-            version: stable-20230403
-          - os: macos-12
-            version: stable-v2.13.5
-          - os: macos-12
-            version: stable-v2.14.6
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: default
-          - os: ubuntu-latest
-            version: default
-          - os: macos-latest
-            version: linked
-          - os: ubuntu-latest
-            version: linked
-          - os: macos-latest
-            version: nightly-latest
-          - os: ubuntu-latest
-            version: nightly-latest
-    name: Scaling reserved RAM
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v5
-        if: >-
-          runner.os == 'macOS' && (
-
-          matrix.version == 'stable-20230403' ||
-
-          matrix.version == 'stable-v2.13.5' ||
-
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '>=1.21.0'
-
-      - uses: ./../action/init
-        id: init
-        with:
-          db-location: ${{ runner.temp }}/customDbLocation
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{ steps.init.outputs.codeql-path }}
-
-      - name: Build code
-        shell: bash
-        run: ./build.sh
-
-      - uses: ./../action/analyze
-        id: analysis
-        with:
-          upload-database: false
-    env:
-      CODEQL_ACTION_SCALING_RESERVED_RAM: true
-      CODEQL_ACTION_TEST_MODE: true
@@ -51,8 +51,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -65,6 +63,7 @@ jobs:
      - uses: ./init
        with:
          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
      - name: Fail
    # We want this job to pass if the Action correctly uploads the SARIF file for
    # the failed run.
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -29,16 +29,10 @@ jobs:
        include:
          - os: macos-latest
            version: linked
-          - os: ubuntu-latest
-            version: linked
          - os: macos-latest
            version: default
-          - os: ubuntu-latest
-            version: default
          - os: macos-latest
            version: nightly-latest
-          - os: ubuntu-latest
-            version: nightly-latest
    name: Swift analysis using a custom build command
    permissions:
      contents: read
@@ -51,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -66,10 +64,9 @@ jobs:
      - id: init
        uses: ./../action/init
        with:
-          tools: ./codeql-bundle-linux64.tar.gz
-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{ steps.init.outputs.codeql-path }}
+      # Swift is not supported on Ubuntu so we manually exclude it from the list here
+          languages: cpp,csharp,go,java,javascript,python,ruby
+          tools: ./codeql-bundle-linux64.tar.zst
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -41,8 +41,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -27,8 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: default
          - os: ubuntu-latest
            version: linked
          - os: ubuntu-latest
@@ -45,8 +43,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -65,10 +61,9 @@ jobs:
        id: init
        with:
          db-location: ${{ runner.temp }}/customDbLocation
+      # Swift is not supported on Ubuntu so we manually exclude it from the list here
+          languages: cpp,csharp,go,java,javascript,python,ruby
          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - uses: actions/setup-go@v5
        with:
          go-version: '>=1.21.0'
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -45,8 +45,6 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

-          matrix.version == 'stable-20230403' ||
-
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -0,0 +1,130 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Zstandard bundle fallback
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  zstd-bundle-fallback:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: linked
+    name: Zstandard bundle fallback
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - name: Remove CodeQL from toolcache
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
+            fs.rmdirSync(codeqlPath, { recursive: true });
+      - id: init
+        uses: ./../action/init
+        with:
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v3
+        with:
+          name: zstd-bundle.sarif
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check expected diagnostics
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
+
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+
+            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
+            const downloadTelemetryNotifications = toolExecutionNotifications.filter(n =>
+              n.descriptor.id === 'codeql-action/bundle-download-telemetry'
+            );
+            if (downloadTelemetryNotifications.length !== 1) {
+              core.setFailed(
+                'Expected exactly one reporting descriptor in the ' +
+                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
+                  `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` +
+                  `${JSON.stringify(toolExecutionNotifications)}.`
+              );
+            }
+
+            const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl;
+            console.log(`Found tools URL: ${toolsUrl}`);
+
+            if (!toolsUrl.endsWith('.tar.gz')) {
+              core.setFailed(
+                `Expected the tools URL to be a .tar.gz file, but found '${toolsUrl}'.`
+              );
+            }
+
+            const zstdFailureReason = downloadTelemetryNotifications[0].properties.attributes.zstdFailureReason;
+            console.log(`Found zstd failure reason: ${zstdFailureReason}`);
+
+            const expectedZstdFailureReason = 'Failing since CODEQL_ACTION_FORCE_ZSTD_FAILURE is true.';
+            if (zstdFailureReason !== expectedZstdFailureReason) {
+              core.setFailed(
+                `Expected the zstd failure reason to be '${expectedZstdFailureReason}', but found '${zstdFailureReason}'.`
+              );
+            }
+    env:
+      CODEQL_ACTION_ZSTD_BUNDLE: true
+      CODEQL_ACTION_FORCE_ZSTD_FAILURE: true
+      CODEQL_ACTION_TEST_MODE: true
@@ -0,0 +1,119 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Zstandard bundle
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  zstd-bundle:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: linked
+    name: Zstandard bundle
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - name: Remove CodeQL from toolcache
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
+            fs.rmdirSync(codeqlPath, { recursive: true });
+      - id: init
+        uses: ./../action/init
+        with:
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v3
+        with:
+          name: zstd-bundle.sarif
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check diagnostic with expected tools URL appears in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
+
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+
+            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
+            const downloadTelemetryNotifications = toolExecutionNotifications.filter(n =>
+              n.descriptor.id === 'codeql-action/bundle-download-telemetry'
+            );
+            if (downloadTelemetryNotifications.length !== 1) {
+              core.setFailed(
+                'Expected exactly one reporting descriptor in the ' +
+                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
+                  `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` +
+                  `${JSON.stringify(toolExecutionNotifications)}.`
+              );
+            }
+
+            const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl;
+            console.log(`Found tools URL: ${toolsUrl}`);
+
+            if (!toolsUrl.endsWith('.tar.zst')) {
+              core.setFailed(
+                `Expected the tools URL to be a .tar.zst file, but found ${toolsUrl}.`
+              );
+            }
+    env:
+      CODEQL_ACTION_ZSTD_BUNDLE: true
+      CODEQL_ACTION_TEST_MODE: true
@@ -0,0 +1,99 @@
+# Checks logs, SARIF, and database bundle debug artifacts exist and are accessible
+# with download-artifact@v4 when CODEQL_ACTION_ARTIFACT_V4_UPGRADE is set to true.
+name: PR Check - Debug artifact upload using artifact@v2
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  CODEQL_ACTION_ARTIFACT_V4_UPGRADE: true
+on:
+  push:
+    branches:
+    - main
+    - releases/v*
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  upload-artifacts:
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+        - stable-v2.13.5
+        - stable-v2.14.6
+        - stable-v2.15.5
+        - stable-v2.16.6
+        - stable-v2.17.6
+        - default
+        - linked
+        - nightly-latest
+    name: Upload debug artifacts
+    env:
+      CODEQL_ACTION_TEST_MODE: true
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ^1.13.1
+      - uses: ./../action/init
+        id: init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          debug: true
+          debug-artifact-name: my-debug-artifacts
+          debug-database-name: my-db
+          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
+          languages: cpp,csharp,go,java,javascript,python,ruby 
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        id: analysis
+  download-and-check-artifacts:
+    name: Download and check debug artifacts
+    needs: upload-artifacts
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+      - name: Check expected artifacts exist
+        shell: bash
+        run: |
+          VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
+          LANGUAGES="cpp csharp go java javascript python"
+          for version in $VERSIONS; do
+            pushd "./my-debug-artifacts-${version//./}"
+            echo "Artifacts from version $version:"
+            for language in $LANGUAGES; do
+              echo "- Checking $language"
+              if [[ ! -f "$language.sarif" ]] ; then
+                echo "Missing a SARIF file for $language"
+                exit 1
+              fi
+              if [[ ! -f "my-db-$language.zip" ]] ; then
+                echo "Missing a database bundle for $language"
+                exit 1
+              fi
+              if [[ ! -d "$language/log" ]] ; then
+                echo "Missing logs for $language"
+                exit 1
+              fi
+            done
+            popd
+          done
+        env:
+          GO111MODULE: auto
@@ -22,10 +22,11 @@ jobs:
      fail-fast: false
      matrix:
        version:
-        - stable-20230403
        - stable-v2.13.5
        - stable-v2.14.6
        - stable-v2.15.5
+        - stable-v2.16.6
+        - stable-v2.17.6
        - default
        - linked
        - nightly-latest
@@ -52,9 +53,8 @@ jobs:
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{ steps.init.outputs.codeql-path }}
+          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
+          languages: cpp,csharp,go,java,javascript,python,ruby 
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -71,7 +71,7 @@ jobs:
      - name: Check expected artifacts exist
        shell: bash
        run: |
-          VERSIONS="stable-20230403 stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 default linked nightly-latest"
+          VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            pushd "./my-debug-artifacts-${version//./}"
@@ -2,7 +2,6 @@ name: PR Checks

 on:
  push:
-    branches: [main, releases/v*]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
@@ -25,7 +24,16 @@ jobs:
        uses: actions/checkout@v4

      - name: Lint
-        run: npm run-script lint
+        id: lint
+        run: npm run-script lint-ci
+
+      - name: Upload sarif
+        uses: github/codeql-action/upload-sarif@v3
+        # Only upload SARIF for the latest version of Node.js
+        if: "!cancelled() && matrix.node-types-version == 'current' && !startsWith(github.head_ref, 'dependabot/')"
+        with:
+          sarif_file: eslint.sarif
+          category: eslint

      - name: Update version of @types/node
        if: matrix.node-types-version != 'current'
@@ -53,6 +61,7 @@ jobs:
        run: .github/workflows/script/check-js.sh

  check-node-modules:
+    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Check modules up to date
    runs-on: macos-latest
    timeout-minutes: 45
@@ -63,6 +72,7 @@ jobs:
        run: .github/workflows/script/check-node-modules.sh

  check-file-contents:
+    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Check file contents
    runs-on: ubuntu-latest
    timeout-minutes: 45
@@ -87,6 +97,7 @@ jobs:
        run: .github/workflows/script/verify-pr-checks.sh

  npm-test:
+    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Unit Test
    needs: [check-js, check-node-modules]
    strategy:
@@ -106,7 +117,7 @@ jobs:
          npm test

  check-node-version:
-    if: ${{ github.event.pull_request }}
+    if: github.event.pull_request
    name: Check Action Node versions
    runs-on: ubuntu-latest
    timeout-minutes: 45
@@ -69,7 +69,8 @@ jobs:
          if [ ! -z "$(git status --porcelain)" ]; then
            git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
            git config --global user.name "github-actions[bot]"
-            git commit -am "Rebuild"
+            git add --all
+            git commit -m "Rebuild"
            git push origin "HEAD:$BRANCH"
            echo "Pushed a commit to rebuild the Action." \
              "Please mark the PR as ready for review to trigger PR checks." |
@@ -28,7 +28,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"

 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"

 echo "$CHECKS" | jq

@@ -42,10 +42,9 @@ jobs:
    - id: init
      uses: ./../action/init
      with:
+        # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
+        languages: cpp,csharp,go,java,javascript,python,ruby 
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -104,6 +104,7 @@ jobs:
  backport:
    timeout-minutes: 45
    runs-on: ubuntu-latest
+    environment: Automation
    needs: [prepare]
    if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }}
    strategy:
@@ -114,9 +115,18 @@ jobs:
      SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }}
      TARGET_BRANCH: ${{ matrix.target_branch }}
    steps:
-    - uses: actions/checkout@v4
+    - name: Generate token
+      uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69
+      id: app-token
+      with:
+        app-id: ${{ vars.AUTOMATION_APP_ID }}
+        private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
+
+    - name: Checkout
+      uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Need full history for calculation of diffs
+        token: ${{ steps.app-token.outputs.token }}
    - uses: ./.github/actions/release-initialise

    - name: Update older release branch
@@ -5,3 +5,7 @@ node_modules/.cache/
 *.class
 # macOS
 .DS_Store
+# eslint sarif report
+eslint.sarif
+# for local incremental compilation
+tsconfig.tsbuildinfo
@@ -4,6 +4,80 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

+## 3.26.11 - 03 Oct 2024
+
+- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts. 
+
+  Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.
+  
+  This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES. 
+
+## 3.26.10 - 30 Sep 2024
+
+- We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with [Zstandard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting up CodeQL. [#2502](https://github.com/github/codeql-action/pull/2502)
+
+## 3.26.9 - 24 Sep 2024
+
+No user facing changes.
+
+## 3.26.8 - 19 Sep 2024
+
+- Update default CodeQL bundle version to 2.19.0. [#2483](https://github.com/github/codeql-action/pull/2483)
+
+## 3.26.7 - 13 Sep 2024
+
+- Update default CodeQL bundle version to 2.18.4. [#2471](https://github.com/github/codeql-action/pull/2471)
+
+## 3.26.6 - 29 Aug 2024
+
+- Update default CodeQL bundle version to 2.18.3. [#2449](https://github.com/github/codeql-action/pull/2449)
+
+## 3.26.5 - 23 Aug 2024
+
+- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)
+
+## 3.26.4 - 21 Aug 2024
+
+- _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
+- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)
+
+## 3.26.3 - 19 Aug 2024
+
+- Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. [#2430](https://github.com/github/codeql-action/pull/2430)
+
+## 3.26.2 - 14 Aug 2024
+
+- Update default CodeQL bundle version to 2.18.2. [#2417](https://github.com/github/codeql-action/pull/2417)
+
+## 3.26.1 - 13 Aug 2024
+
+No user facing changes.
+
+## 3.26.0 - 06 Aug 2024
+
+- _Deprecation:_ Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. [#2403](https://github.com/github/codeql-action/pull/2403)
+- Bump the minimum CodeQL bundle version to 2.13.5. [#2408](https://github.com/github/codeql-action/pull/2408)
+
+## 3.25.15 - 26 Jul 2024
+
+- Update default CodeQL bundle version to 2.18.1. [#2385](https://github.com/github/codeql-action/pull/2385)
+
+## 3.25.14 - 25 Jul 2024
+
+- Experimental: add a new `start-proxy` action which starts the same HTTP proxy as used by [`github/dependabot-action`](https://github.com/github/dependabot-action). Do not use this in production as it is part of an internal experiment and subject to change at any time. [#2376](https://github.com/github/codeql-action/pull/2376)
+
+## 3.25.13 - 19 Jul 2024
+
+- Add `codeql-version` to outputs. [#2368](https://github.com/github/codeql-action/pull/2368)
+- Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. [#2375](https://github.com/github/codeql-action/pull/2375)
+  - If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
+  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.25.13` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.25.13` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
+
+## 3.25.12 - 12 Jul 2024
+
+- Improve the reliability and performance of analyzing code when analyzing a compiled language with the `autobuild` [build mode](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes) on GitHub Enterprise Server. This feature is already available to GitHub.com users. [#2353](https://github.com/github/codeql-action/pull/2353)
+- Update default CodeQL bundle version to 2.18.0. [#2364](https://github.com/github/codeql-action/pull/2364)
+
 ## 3.25.11 - 28 Jun 2024

 - Avoid failing the workflow run if there is an error while uploading debug artifacts. [#2349](https://github.com/github/codeql-action/pull/2349)
@@ -33,20 +33,19 @@ To provide the best experience to customers using older versions of GitHub Enter

 For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."

-## Supported versions of the CodeQL CLI and GitHub Enterprise Server
+## Supported versions of the CodeQL Bundle on GitHub Enterprise Server

-We typically release new minor versions of the CodeQL Action and CLI when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and CLI releases that shipped with it are deprecated as well.
+We typically release new minor versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and Bundle releases that shipped with it are deprecated as well.

-| Recommended CodeQL Action | Recommended CodeQL CLI Version | GitHub Environment |
-|---------|----------|--------------|
-| `v3` | default (do not pass a `tools` input) | GitHub.com |
-| `v3.24.11` | `v2.16.6` | Enterprise Server 3.13 |
-| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
-| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
-| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
-| `2.2.9` | `2.12.5` | Enterprise Server 3.9 |
+| Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
+|-----------------------|-------------------------------|--------------------|-------|
+| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
+| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
+| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
+| `v2.22.1` | `2.14.6` | Enterprise Server 3.11 | Supports CodeQL Action v3, but did not ship with CodeQL Action v3. For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/#users-of-github-enterprise-server-311)." |
+| `v2.20.3` | `2.13.5` | Enterprise Server 3.10 | Does not support CodeQL Action v3. |

-CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.
+CodeQL Action v2 will stop receiving updates when GHES 3.11 is deprecated. 

 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).

@@ -19,7 +19,7 @@ inputs:
    # If changing this, make sure to update workflow.ts accordingly.
    default: "always"
  cleanup-level:
-    description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
+    description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --cache-cleanup flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
    required: false
    default: "brutal"
  ram:
@@ -34,6 +34,11 @@ inputs:
    description: Specify whether or not to add code snippets to the output sarif file.
    required: false
    default: "false"
+    deprecationMessage: >-
+      The input "add-snippets" is deprecated and will be removed on the first release in August 2025.
+      When this input is set to true it is expected to add code snippets with an alert to the SARIF file.
+      However, since Code Scanning ignores code snippets provided as part of a SARIF file this is currently
+      a no operation. No alternative is available.
  skip-queries:
    description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
    required: false
@@ -69,7 +74,7 @@ inputs:
    required: true
    default: "true"
  token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
    required: false
    default: ${{ github.token }}
  matrix:
@@ -0,0 +1,149 @@
+// Automatically generated by running npx @eslint/migrate-config .eslintrc.json
+
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+import { fixupConfigRules, fixupPluginRules } from "@eslint/compat";
+import { FlatCompat } from "@eslint/eslintrc";
+import js from "@eslint/js";
+import typescriptEslint from "@typescript-eslint/eslint-plugin";
+import tsParser from "@typescript-eslint/parser";
+import filenames from "eslint-plugin-filenames";
+import github from "eslint-plugin-github";
+import _import from "eslint-plugin-import";
+import noAsyncForeach from "eslint-plugin-no-async-foreach";
+import globals from "globals";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const compat = new FlatCompat({
+  baseDirectory: __dirname,
+  recommendedConfig: js.configs.recommended,
+  allConfig: js.configs.all,
+});
+
+export default [
+  {
+    ignores: [
+      "**/webpack.config.js",
+      "lib/**/*",
+      "src/testdata/**/*",
+      "tests/**/*",
+      "eslint.config.mjs",
+      ".github/**/*",
+    ],
+  },
+  ...fixupConfigRules(
+    compat.extends(
+      "eslint:recommended",
+      "plugin:@typescript-eslint/recommended",
+      "plugin:@typescript-eslint/recommended-requiring-type-checking",
+      "plugin:github/recommended",
+      "plugin:github/typescript",
+      "plugin:import/typescript",
+    ),
+  ),
+  {
+    plugins: {
+      "@typescript-eslint": fixupPluginRules(typescriptEslint),
+      filenames: fixupPluginRules(filenames),
+      github: fixupPluginRules(github),
+      import: fixupPluginRules(_import),
+      "no-async-foreach": noAsyncForeach,
+    },
+
+    languageOptions: {
+      parser: tsParser,
+      ecmaVersion: 5,
+      sourceType: "module",
+
+      globals: {
+        ...globals.node,
+      },
+
+      parserOptions: {
+        project: "./tsconfig.json",
+      },
+    },
+
+    settings: {
+      "import/resolver": {
+        node: {
+          moduleDirectory: ["node_modules", "src"],
+        },
+
+        typescript: {},
+      },
+      "import/ignore": ["sinon", "uuid", "@octokit/plugin-retry"],
+    },
+
+    rules: {
+      "filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
+      "i18n-text/no-en": "off",
+
+      "import/extensions": [
+        "error",
+        {
+          json: {},
+        },
+      ],
+
+      "import/no-amd": "error",
+      "import/no-commonjs": "error",
+      "import/no-cycle": "error",
+      "import/no-dynamic-require": "error",
+
+      "import/no-extraneous-dependencies": [
+        "error",
+        {
+          devDependencies: true,
+        },
+      ],
+
+      "import/no-namespace": "off",
+      "import/no-unresolved": "error",
+      "import/no-webpack-loader-syntax": "error",
+
+      "import/order": [
+        "error",
+        {
+          alphabetize: {
+            order: "asc",
+          },
+
+          "newlines-between": "always",
+        },
+      ],
+
+      "max-len": [
+        "error",
+        {
+          code: 120,
+          ignoreUrls: true,
+          ignoreStrings: true,
+          ignoreTemplateLiterals: true,
+        },
+      ],
+
+      "no-async-foreach/no-async-foreach": "error",
+      "no-sequences": "error",
+      "no-shadow": "off",
+      "@typescript-eslint/no-shadow": "error",
+      "one-var": ["error", "never"],
+    },
+  },
+  {
+    files: ["**/*.ts", "**/*.js"],
+
+    rules: {
+      "@typescript-eslint/no-explicit-any": "off",
+      "@typescript-eslint/no-unsafe-assignment": "off",
+      "@typescript-eslint/no-unsafe-member-access": "off",
+      "@typescript-eslint/no-var-requires": "off",
+      "@typescript-eslint/prefer-regexp-exec": "off",
+      "@typescript-eslint/require-await": "off",
+      "@typescript-eslint/restrict-template-expressions": "off",
+      "func-style": "off",
+    },
+  },
+];
@@ -139,6 +139,8 @@ inputs:
 outputs:
  codeql-path:
    description: The path of the CodeQL binary used for analysis
+  codeql-version:
+    description: The version of the CodeQL binary used for analysis
 runs:
  using: node20
  main: '../lib/init-action.js'
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getFileType = exports.FileCmdNotFoundError = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.CommandInvocationError = exports.getFileType = exports.FileCmdNotFoundError = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getOptionalInput = exports.getRequiredInput = void 0;
 exports.getTemporaryDirectory = getTemporaryDirectory;
 exports.getRef = getRef;
 exports.getActionVersion = getActionVersion;
@@ -37,13 +37,16 @@ exports.getUploadValue = getUploadValue;
 exports.getWorkflowRunID = getWorkflowRunID;
 exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
 exports.isSelfHostedRunner = isSelfHostedRunner;
+exports.prettyPrintInvocation = prettyPrintInvocation;
+exports.ensureEndsInPeriod = ensureEndsInPeriod;
+exports.runTool = runTool;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 const util_1 = require("./util");
-// eslint-disable-next-line import/no-commonjs
+// eslint-disable-next-line import/no-commonjs, @typescript-eslint/no-require-imports
 const pkg = require("../package.json");
 /**
 * Wrapper around core.getInput for inputs that always have a value.
@@ -104,7 +107,7 @@ const getCommitOid = async function (checkoutPath, ref = "HEAD") {
        }).exec();
        return commitOid.trim();
    }
-    catch (e) {
+    catch {
        if (stderr.includes("not a git repository")) {
            core.info("Could not determine current commit SHA using git. Continuing with data from user input or environment. " +
                "The checkout path provided to the action does not appear to be a git repository.");
@@ -161,7 +164,7 @@ const determineMergeBaseCommitOid = async function (checkoutPathOverride) {
        }
        return undefined;
    }
-    catch (e) {
+    catch {
        if (stderr.includes("not a git repository")) {
            core.info("The checkout path provided to the action does not appear to be a git repository. " +
                "Will calculate the merge base on the server.");
@@ -429,4 +432,77 @@ exports.getFileType = getFileType;
 function isSelfHostedRunner() {
    return process.env.RUNNER_ENVIRONMENT === "self-hosted";
 }
+function prettyPrintInvocation(cmd, args) {
+    return [cmd, ...args].map((x) => (x.includes(" ") ? `'${x}'` : x)).join(" ");
+}
+/**
+ * An error from a tool invocation, with associated exit code, stderr, etc.
+ */
+class CommandInvocationError extends Error {
+    constructor(cmd, args, exitCode, stderr, stdout) {
+        const prettyCommand = prettyPrintInvocation(cmd, args);
+        const lastLine = ensureEndsInPeriod(stderr.trim().split("\n").pop()?.trim() || "n/a");
+        super(`Failed to run "${prettyCommand}". ` +
+            `Exit code was ${exitCode} and last log line was: ${lastLine} See the logs for more details.`);
+        this.cmd = cmd;
+        this.args = args;
+        this.exitCode = exitCode;
+        this.stderr = stderr;
+        this.stdout = stdout;
+    }
+}
+exports.CommandInvocationError = CommandInvocationError;
+function ensureEndsInPeriod(text) {
+    return text[text.length - 1] === "." ? text : `${text}.`;
+}
+/**
+ * A constant defining the maximum number of characters we will keep from
+ * the programs stderr for logging.
+ *
+ * This serves two purposes:
+ * 1. It avoids an OOM if a program fails in a way that results it
+ *    printing many log lines.
+ * 2. It avoids us hitting the limit of how much data we can send in our
+ *    status reports on GitHub.com.
+ */
+const MAX_STDERR_BUFFER_SIZE = 20000;
+/**
+ * Runs a CLI tool.
+ *
+ * @returns Standard output produced by the tool.
+ * @throws A `CommandInvocationError` if the tool exits with a non-zero status code.
+ */
+async function runTool(cmd, args = [], opts = {}) {
+    let stdout = "";
+    let stderr = "";
+    process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
+    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
+        ignoreReturnCode: true,
+        listeners: {
+            stdout: (data) => {
+                stdout += data.toString("utf8");
+                if (!opts.noStreamStdout) {
+                    process.stdout.write(data);
+                }
+            },
+            stderr: (data) => {
+                let readStartIndex = 0;
+                // If the error is too large, then we only take the last MAX_STDERR_BUFFER_SIZE characters
+                if (data.length - MAX_STDERR_BUFFER_SIZE > 0) {
+                    // Eg: if we have MAX_STDERR_BUFFER_SIZE the start index should be 2.
+                    readStartIndex = data.length - MAX_STDERR_BUFFER_SIZE + 1;
+                }
+                stderr += data.toString("utf8", readStartIndex);
+                // Mimic the standard behavior of the toolrunner by writing stderr to stdout
+                process.stdout.write(data);
+            },
+        },
+        silent: true,
+        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
+    }).exec();
+    if (exitCode !== 0) {
+        throw new CommandInvocationError(cmd, args, exitCode, stderr, stdout);
+    }
+    return stdout;
+}
 //# sourceMappingURL=actions-util.js.map
@@ -77,6 +77,7 @@ const util = __importStar(require("./util"));
        process.env["CODEQL_RAM"] = "4992";
        const runFinalizeStub = sinon.stub(analyze, "runFinalize");
        const runQueriesStub = sinon.stub(analyze, "runQueries");
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
        const analyzeAction = require("./analyze-action");
        // When analyze-action.ts loads, it runs an async function from the top
        // level but does not wait for it to finish. To ensure that calls to
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -77,6 +77,7 @@ const util = __importStar(require("./util"));
        optionalInputStub.withArgs("ram").returns("3012");
        const runFinalizeStub = sinon.stub(analyze, "runFinalize");
        const runQueriesStub = sinon.stub(analyze, "runQueries");
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
        const analyzeAction = require("./analyze-action");
        // When analyze-action.ts loads, it runs an async function from the top
        // level but does not wait for it to finish. To ensure that calls to
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -1,44 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = run;
-const core = __importStar(require("@actions/core"));
-const actionsUtil = __importStar(require("./actions-util"));
-const config_utils_1 = require("./config-utils");
-const logging_1 = require("./logging");
-async function run(uploadSarifDebugArtifact) {
-    const logger = (0, logging_1.getActionsLogger)();
-    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
-    if (config === undefined) {
-        throw new Error("Config file could not be found at expected location. Did the 'init' action fail to start?");
-    }
-    // Upload Actions SARIF artifacts for debugging
-    if (config?.debugMode) {
-        core.info("Debug mode is on. Uploading available SARIF files as Actions debugging artifact...");
-        const outputDir = actionsUtil.getRequiredInput("output");
-        await uploadSarifDebugArtifact(config, outputDir);
-    }
-}
-//# sourceMappingURL=analyze-action-post-helper.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kBAuBC;AA7BD,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAmD;AACnD,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,wBAGkB;IAElB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}
@@ -1,73 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const ava_1 = __importDefault(require("ava"));
-const sinon = __importStar(require("sinon"));
-const actionsUtil = __importStar(require("./actions-util"));
-const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
-const configUtils = __importStar(require("./config-utils"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-(0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("post: analyze action with debug mode off", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
-        const gitHubVersion = {
-            type: util.GitHubVariant.DOTCOM,
-        };
-        sinon.stub(configUtils, "getConfig").resolves({
-            debugMode: false,
-            gitHubVersion,
-            languages: [],
-            packs: [],
-        });
-        const uploadSarifSpy = sinon.spy();
-        await analyzeActionPostHelper.run(uploadSarifSpy);
-        t.assert(uploadSarifSpy.notCalled);
-    });
-});
-(0, ava_1.default)("post: analyze action with debug mode on", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
-        const gitHubVersion = {
-            type: util.GitHubVariant.DOTCOM,
-        };
-        sinon.stub(configUtils, "getConfig").resolves({
-            debugMode: true,
-            gitHubVersion,
-            languages: [],
-            packs: [],
-        });
-        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-        requiredInputStub.withArgs("output").returns("fake-output-dir");
-        const uploadSarifSpy = sinon.spy();
-        await analyzeActionPostHelper.run(uploadSarifSpy);
-        t.assert(uploadSarifSpy.called);
-    });
-});
-//# sourceMappingURL=analyze-action-post-helper.test.js.map
@@ -1 +0,0 @@
-{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -29,19 +29,33 @@ Object.defineProperty(exports, "__esModule", { value: true });
 * other `post:` hooks.
 */
 const core = __importStar(require("@actions/core"));
-const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
+const actions_util_1 = require("./actions-util");
+const api_client_1 = require("./api-client");
+const config_utils_1 = require("./config-utils");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
+const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const util_1 = require("./util");
 async function runWrapper() {
    try {
-        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
-        // Also run the upload-sarif post action since we're potentially running
-        // the same steps in the analyze action.
-        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
+        const logger = (0, logging_1.getActionsLogger)();
+        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
+        // Upload SARIF artifacts if we determine that this is a first-party analysis run.
+        // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
+        if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
+            const config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
+            if (config !== undefined) {
+                await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type, features));
+            }
+        }
    }
    catch (error) {
-        core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);
+        core.setFailed(`analyze post-action step failed: ${(0, util_1.getErrorMessage)(error)}`);
    }
 }
 void runWrapper();
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;QAE3E,wEAAwE;QACxE,wCAAwC;QACxC,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,iDAAuD;AACvD,6CAAgD;AAChD,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,mDAA2C;AAC3C,uCAAwD;AACxD,6CAAkD;AAClD,iCAIgB;AAEhB,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;YAChE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,QAAQ,CACT,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
@@ -50,7 +50,7 @@ const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanup, logger) {
    const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(logger), logger, error?.message, error?.stack);
    if (statusReportBase !== undefined) {
        const report = {
            ...statusReportBase,
@@ -108,7 +108,7 @@ function doesGoExtractionOutputExist(config) {
 * - We approximate whether manual build steps are present by looking at
 * whether any extraction output already exists for Go.
 */
-async function runAutobuildIfLegacyGoWorkflow(config, features, logger) {
+async function runAutobuildIfLegacyGoWorkflow(config, logger) {
    if (!config.languages.includes(languages_1.Language.go)) {
        return;
    }
@@ -135,7 +135,7 @@ async function runAutobuildIfLegacyGoWorkflow(config, features, logger) {
        return;
    }
    logger.debug("Running Go autobuild because extraction output (TRAP files) for Go code has not been found.");
-    await (0, autobuild_1.runAutobuild)(config, languages_1.Language.go, features, logger);
+    await (0, autobuild_1.runAutobuild)(config, languages_1.Language.go, logger);
 }
 async function run() {
    const startedAt = new Date();
@@ -163,6 +163,7 @@ async function run() {
        }
        const apiDetails = (0, api_client_1.getApiDetails)();
        const outputDir = actionsUtil.getRequiredInput("output");
+        core.exportVariable(environment_1.EnvVar.SARIF_RESULTS_OUTPUT_DIR, outputDir);
        const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
        const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
@@ -170,8 +171,8 @@ async function run() {
        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
        const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
        await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
-        await runAutobuildIfLegacyGoWorkflow(config, features, logger);
-        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, features, logger);
+        await runAutobuildIfLegacyGoWorkflow(config, logger);
+        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);
        if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features);
        }
@@ -186,7 +187,7 @@ async function run() {
        core.setOutput("sarif-output", path_1.default.resolve(outputDir));
        const uploadInput = actionsUtil.getOptionalInput("upload");
        if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
+            uploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger);
            core.setOutput("sarif-id", uploadResult.sarifID);
        }
        else {
@@ -220,13 +221,9 @@ async function run() {
            hasBadExpectErrorInput()) {
            core.setFailed(error.message);
        }
-        if (error instanceof analyze_1.CodeQLAnalysisError) {
-            const stats = { ...error.queriesStatusReport };
-            await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
-        }
-        else {
-            await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
-        }
+        await sendStatusReport(startedAt, config, error instanceof analyze_1.CodeQLAnalysisError
+            ? error.queriesStatusReport
+            : undefined, error instanceof analyze_1.CodeQLAnalysisError ? error.error : error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
        return;
    }
    if (runStats && uploadResult) {
@@ -248,7 +245,7 @@ async function runWrapper() {
        await exports.runPromise;
    }
    catch (error) {
-        core.setFailed(`analyze action failed: ${util.wrapError(error).message}`);
+        core.setFailed(`analyze action failed: ${util.getErrorMessage(error)}`);
    }
    await util.checkForTimeout();
 }
@@ -51,10 +51,12 @@ const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
-    constructor(queriesStatusReport, message) {
+    constructor(queriesStatusReport, message, error) {
        super(message);
-        this.name = "CodeQLAnalysisError";
        this.queriesStatusReport = queriesStatusReport;
+        this.message = message;
+        this.error = error;
+        this.name = "CodeQLAnalysisError";
    }
 }
 exports.CodeQLAnalysisError = CodeQLAnalysisError;
@@ -106,7 +108,7 @@ function dbIsFinalized(config, language, logger) {
        const dbInfo = yaml.load(fs.readFileSync(path.resolve(dbPath, "codeql-database.yml"), "utf8"));
        return !("inProgress" in dbInfo);
    }
-    catch (e) {
+    catch {
        logger.warning(`Could not check whether database for ${language} was finalized. Assuming it is not.`);
        return false;
    }
@@ -184,13 +186,13 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        }
        catch (e) {
            statusReport.analyze_failure_language = language;
-            throw new CodeQLAnalysisError(statusReport, `Error running analysis for ${language}: ${util.wrapError(e).message}`);
+            throw new CodeQLAnalysisError(statusReport, `Error running analysis for ${language}: ${util.getErrorMessage(e)}`, util.wrapError(e));
        }
    }
    return statusReport;
    async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features, logger);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features);
    }
    /** Get an object with all queries and their counts parsed from a SARIF file path. */
    function getPerQueryAlertCounts(sarifPath, log) {
@@ -217,7 +219,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        return await codeql.databasePrintBaseline(databasePath);
    }
 }
-async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, features, logger) {
+async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, logger) {
    try {
        await (0, del_1.default)(outputDir, { force: true });
    }
@@ -230,7 +232,7 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, f
    const timings = await finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger);
    // If we didn't already end tracing in the autobuild Action, end it now.
    if (process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") {
-        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger);
    }
    return timings;
 }
@@ -123,6 +123,13 @@ async function getWorkflowRelativePath() {
        run_id,
    });
    const workflowUrl = runsResponse.data.workflow_url;
+    const requiredWorkflowRegex = /\/repos\/[^/]+\/[^/]+\/actions\/required_workflows\/[^/]+/;
+    if (!workflowUrl || requiredWorkflowRegex.test(workflowUrl)) {
+        // For required workflows, the workflowUrl is invalid so we cannot fetch more informations
+        // about the workflow.
+        // However, the path is available in the original response.
+        return runsResponse.data.path;
+    }
    const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);
    return workflowResponse.data.path;
 }
@@ -1 +1 @@
-{ "maximumVersion": "3.14", "minimumVersion": "3.9" }
+{ "maximumVersion": "3.15", "minimumVersion": "3.10" }
@@ -30,9 +30,7 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
-const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
-const repository_1 = require("./repository");
 const status_report_1 = require("./status-report");
 const tracer_config_1 = require("./tracer-config");
 const util_1 = require("./util");
@@ -63,8 +61,6 @@ async function run() {
        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
        (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
-        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
        config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
        if (config === undefined) {
            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
@@ -79,12 +75,12 @@ async function run() {
            }
            for (const language of languages) {
                currentLanguage = language;
-                await (0, autobuild_1.runAutobuild)(config, language, features, logger);
+                await (0, autobuild_1.runAutobuild)(config, language, logger);
            }
        }
        // End tracing early to avoid tracing analyze. This improves the performance and reliability of
        // the analyze step.
-        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger);
    }
    catch (unwrappedError) {
        const error = (0, util_1.wrapError)(unwrappedError);
@@ -100,7 +96,7 @@ async function runWrapper() {
        await run();
    }
    catch (error) {
-        core.setFailed(`autobuild action failed. ${(0, util_1.wrapError)(error).message}`);
+        core.setFailed(`autobuild action failed. ${(0, util_1.getErrorMessage)(error)}`);
    }
 }
 void runWrapper();
@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
@@ -30,6 +30,7 @@ const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
+const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -103,15 +104,13 @@ async function determineAutobuildLanguages(codeql, config, logger) {
        logger.warning(`We will only automatically build ${languages.join(" and ")} code. If you wish to scan ${autobuildLanguagesWithoutGo
            .slice(1)
            .join(" and ")}, you must replace the autobuild step of your workflow with custom build steps. ` +
-            "For more information, see " +
-            "https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language");
+            `See ${doc_url_1.DocUrl.SPECIFY_BUILD_STEPS_MANUALLY} for more information.`);
    }
    return languages;
 }
 async function setupCppAutobuild(codeql, logger) {
    const envVar = feature_flags_1.featureConfig[feature_flags_1.Feature.CppDependencyInstallation].envVar;
    const featureName = "C++ automatic installation of dependencies";
-    const envDoc = "https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow";
    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
@@ -120,12 +119,12 @@ async function setupCppAutobuild(codeql, logger) {
        if (process.env["RUNNER_ENVIRONMENT"] === "self-hosted" &&
            process.env[envVar] !== "true") {
            logger.info(`Disabling ${featureName} as we are on a self-hosted runner.${(0, actions_util_1.getWorkflowEventName)() !== "dynamic"
-                ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow (see ${envDoc}).`
+                ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${doc_url_1.DocUrl.DEFINE_ENV_VARIABLES} for more information.`
                : ""}`);
            core.exportVariable(envVar, "false");
        }
        else {
-            logger.info(`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false' (see ${envDoc}).`);
+            logger.info(`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${doc_url_1.DocUrl.DEFINE_ENV_VARIABLES} for more information.`);
            core.exportVariable(envVar, "true");
        }
    }
@@ -134,14 +133,14 @@ async function setupCppAutobuild(codeql, logger) {
        core.exportVariable(envVar, "false");
    }
 }
-async function runAutobuild(config, language, features, logger) {
+async function runAutobuild(config, language, logger) {
    logger.startGroup(`Attempting to automatically build ${language} code`);
    const codeQL = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    if (language === languages_1.Language.cpp) {
        await setupCppAutobuild(codeQL, logger);
    }
    if (config.buildMode &&
-        (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeQL))) {
+        (await codeQL.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
        await codeQL.extractUsingBuildMode(config, language);
    }
    else {
@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAmBA,kEAgGC;AAED,8CAuCC;AAED,oCAuBC;AArLD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,EACjE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAeA,kEA+FC;AAED,8CAqCC;AAED,oCAsBC;AA7KD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
@@ -1,38 +1,33 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
+exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CliError = void 0;
 exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
 exports.wrapCliConfigurationError = wrapCliConfigurationError;
+const actions_util_1 = require("./actions-util");
+const doc_url_1 = require("./doc-url");
 const util_1 = require("./util");
 /**
- * A class of Error that we can classify as an error stemming from a CLI
- * invocation, with associated exit code, stderr,etc.
+ * An error from a CodeQL CLI invocation, with associated exit code, stderr, etc.
 */
-class CommandInvocationError extends Error {
-    constructor(cmd, args, exitCode, stderr, stdout) {
-        const prettyCommand = [cmd, ...args]
-            .map((x) => (x.includes(" ") ? `'${x}'` : x))
-            .join(" ");
+class CliError extends Error {
+    constructor({ cmd, args, exitCode, stderr }) {
+        const prettyCommand = (0, actions_util_1.prettyPrintInvocation)(cmd, args);
        const fatalErrors = extractFatalErrors(stderr);
        const autobuildErrors = extractAutobuildErrors(stderr);
        let message;
        if (fatalErrors) {
            message =
                `Encountered a fatal error while running "${prettyCommand}". ` +
-                    `Exit code was ${exitCode} and error was: ${fatalErrors.trim()} See the logs for more details.`;
+                    `Exit code was ${exitCode} and error was: ${(0, actions_util_1.ensureEndsInPeriod)(fatalErrors.trim())} See the logs for more details.`;
        }
        else if (autobuildErrors) {
-            const autobuildHelpLink = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed";
            message =
                "We were unable to automatically build your code. Please provide manual build steps. " +
-                    `For more information, see ${autobuildHelpLink}. ` +
+                    `See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
                    `Encountered the following error: ${autobuildErrors}`;
        }
        else {
-            let lastLine = stderr.trim().split("\n").pop()?.trim() || "";
-            if (lastLine[lastLine.length - 1] !== ".") {
-                lastLine += ".";
-            }
+            const lastLine = (0, actions_util_1.ensureEndsInPeriod)(stderr.trim().split("\n").pop()?.trim() || "n/a");
            message =
                `Encountered a fatal error while running "${prettyCommand}". ` +
                    `Exit code was ${exitCode} and last log line was: ${lastLine} See the logs for more details.`;
@@ -40,10 +35,9 @@ class CommandInvocationError extends Error {
        super(message);
        this.exitCode = exitCode;
        this.stderr = stderr;
-        this.stdout = stdout;
    }
 }
-exports.CommandInvocationError = CommandInvocationError;
+exports.CliError = CliError;
 /**
 * Provide a better error message from the stderr of a CLI invocation that failed with a fatal
 * error.
@@ -74,7 +68,7 @@ exports.CommandInvocationError = CommandInvocationError;
 * the Actions UI.
 */
 function extractFatalErrors(error) {
-    const fatalErrorRegex = /.*fatal error occurred:/gi;
+    const fatalErrorRegex = /.*fatal (internal )?error occurr?ed(. Details)?:/gi;
    let fatalErrors = [];
    let lastFatalErrorIndex;
    let match;
@@ -92,10 +86,10 @@ function extractFatalErrors(error) {
        }
        const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
        if (isOneLiner) {
-            fatalErrors = fatalErrors.map(ensureEndsInPeriod);
+            fatalErrors = fatalErrors.map(actions_util_1.ensureEndsInPeriod);
        }
        return [
-            ensureEndsInPeriod(lastError),
+            (0, actions_util_1.ensureEndsInPeriod)(lastError),
            "Context:",
            ...fatalErrors.reverse(),
        ].join(isOneLiner ? " " : "\n");
@@ -112,12 +106,10 @@ function extractAutobuildErrors(error) {
    }
    return errorLines.join("\n") || undefined;
 }
-function ensureEndsInPeriod(text) {
-    return text[text.length - 1] === "." ? text : `${text}.`;
-}
 /** Error messages from the CLI that we consider configuration errors and handle specially. */
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
+    CliConfigErrorCategory["AutobuildError"] = "AutobuildError";
    CliConfigErrorCategory["ExternalRepositoryCloneFailed"] = "ExternalRepositoryCloneFailed";
    CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
    CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
@@ -141,6 +133,11 @@ var CliConfigErrorCategory;
 * would like to categorize an error as a configuration error or not.
 */
 exports.cliErrorsConfig = {
+    [CliConfigErrorCategory.AutobuildError]: {
+        cliErrorMessageCandidates: [
+            new RegExp("We were unable to automatically build your code"),
+        ],
+    },
    [CliConfigErrorCategory.ExternalRepositoryCloneFailed]: {
        cliErrorMessageCandidates: [
            new RegExp("Failed to clone external Git repository"),
@@ -264,9 +261,6 @@ function getCliConfigCategoryIfExists(cliError) {
 * simply returns the original error.
 */
 function wrapCliConfigurationError(cliError) {
-    if (!(cliError instanceof CommandInvocationError)) {
-        return cliError;
-    }
    const cliConfigErrorCategory = getCliConfigCategoryIfExists(cliError);
    if (cliConfigErrorCategory === undefined) {
        return cliError;
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = void 0;
+exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = void 0;
 exports.setupCodeQL = setupCodeQL;
 exports.getCodeQL = getCodeQL;
 exports.setCodeQL = setCodeQL;
@@ -42,6 +42,7 @@ const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
 const cli_errors_1 = require("./cli-errors");
+const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const setupCodeql = __importStar(require("./setup-codeql"));
@@ -62,19 +63,19 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.12.6";
+const CODEQL_MINIMUM_VERSION = "2.13.5";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.12.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.13.5";
 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.8";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.9";
 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-03-26";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-07-09";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -84,14 +85,6 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 * For convenience, please keep these in descending order. Once a version
 * flag is older than the oldest supported version above, it may be removed.
 */
-/**
- * Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
- */
-exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = "2.13.1";
-/**
- * Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
- */
-exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
 /**
 * Versions 2.14.2+ of the CodeQL CLI support language-specific baseline configuration.
 */
@@ -112,6 +105,10 @@ exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = "2.15.0";
 * Versions 2.15.2+ of the CodeQL CLI support the `--sarif-include-query-help` option.
 */
 const CODEQL_VERSION_INCLUDE_QUERY_HELP = "2.15.2";
+/**
+ * Versions 2.17.1+ of the CodeQL CLI support the `--cache-cleanup` option.
+ */
+const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
 /**
 * Set up CodeQL CLI access.
 *
@@ -125,9 +122,10 @@ const CODEQL_VERSION_INCLUDE_QUERY_HELP = "2.15.2";
 *        version requirement. Must be set to true outside tests.
 * @returns a { CodeQL, toolsVersion } object.
 */
-async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
+async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
    try {
-        const { codeqlFolder, toolsDownloadDurationMs, toolsSource, toolsVersion } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
+        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger);
+        logger.debug(`Bundle download status report: ${JSON.stringify(toolsDownloadStatusReport)}`);
        let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
        if (process.platform === "win32") {
            codeqlCmd += ".exe";
@@ -138,13 +136,14 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
        cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
        return {
            codeql: cachedCodeQL,
-            toolsDownloadDurationMs,
+            toolsDownloadStatusReport,
            toolsSource,
            toolsVersion,
+            zstdAvailability,
        };
    }
    catch (e) {
-        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.wrapError)(e).message}`);
+        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.getErrorMessage)(e)}`);
    }
 }
 /**
@@ -242,11 +241,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        async getVersion() {
            let result = util.getCachedCodeQlVersion();
            if (result === undefined) {
-                const output = await runTool(cmd, ["version", "--format=json"]);
+                const output = await runCli(cmd, ["version", "--format=json"]);
                try {
                    result = JSON.parse(output);
                }
-                catch (err) {
+                catch {
                    throw Error(`Invalid JSON output from \`version --format=json\`: ${output}`);
                }
                util.cacheCodeQlVersion(result);
@@ -254,14 +253,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            return result;
        },
        async printVersion() {
-            await runTool(cmd, ["version", "--format=json"]);
+            await runCli(cmd, ["version", "--format=json"]);
        },
        async supportsFeature(feature) {
            return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
        },
-        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, features, logger) {
+        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
-            if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config, features)) {
+            if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config)) {
                extraArgs.push("--begin-tracing");
                extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                extraArgs.push(`--trace-process-name=${processName}`);
@@ -291,7 +290,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            const overwriteFlag = (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.ForceOverwrite)
                ? "--force-overwrite"
                : "--overwrite";
-            await runTool(cmd, [
+            await runCli(cmd, [
                "database",
                "init",
                overwriteFlag,
@@ -326,10 +325,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            // When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
            // the Actions runtime introduces its own workaround for SIP
            // (https://github.com/actions/runner/pull/416).
-            await runTool(autobuildCmd);
+            await runCli(autobuildCmd);
        },
        async extractScannedLanguage(config, language) {
-            await runTool(cmd, [
+            await runCli(cmd, [
                "database",
                "trace-command",
                "--index-traceless-dbs",
@@ -344,7 +343,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                applyAutobuildAzurePipelinesTimeoutFix();
            }
            try {
-                await runTool(cmd, [
+                await runCli(cmd, [
                    "database",
                    "trace-command",
                    "--use-build-mode",
@@ -360,12 +359,8 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                if (config.buildMode === util_1.BuildMode.Autobuild) {
                    const prefix = "We were unable to automatically build your code. " +
                        "Please change the build mode for this language to manual and specify build steps " +
-                        "for your project. For more information, see " +
-                        "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
-                    const ErrorConstructor = e instanceof util.ConfigurationError
-                        ? util.ConfigurationError
-                        : Error;
-                    throw new ErrorConstructor(`${prefix} ${util.wrapError(e).message}`);
+                        `for your project. See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information.`;
+                    throw new util.ConfigurationError(`${prefix} ${(0, util_1.getErrorMessage)(e)}`);
                }
                else {
                    throw e;
@@ -383,7 +378,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...getExtraOptionsFromEnv(["database", "finalize"]),
                databasePath,
            ];
-            await runTool(cmd, args);
+            await runCli(cmd, args);
        },
        async resolveLanguages() {
            const codeqlArgs = [
@@ -392,7 +387,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                "--format=json",
                ...getExtraOptionsFromEnv(["resolve", "languages"]),
            ];
-            const output = await runTool(cmd, codeqlArgs);
+            const output = await runCli(cmd, codeqlArgs);
            try {
                return JSON.parse(output);
            }
@@ -409,7 +404,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...(await getLanguageAliasingArguments(this)),
                ...getExtraOptionsFromEnv(["resolve", "languages"]),
            ];
-            const output = await runTool(cmd, codeqlArgs);
+            const output = await runCli(cmd, codeqlArgs);
            try {
                return JSON.parse(output);
            }
@@ -428,7 +423,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (extraSearchPath !== undefined) {
                codeqlArgs.push("--additional-packs", extraSearchPath);
            }
-            const output = await runTool(cmd, codeqlArgs);
+            const output = await runCli(cmd, codeqlArgs);
            try {
                return JSON.parse(output);
            }
@@ -447,7 +442,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (workingDir !== undefined) {
                codeqlArgs.push("--working-dir", workingDir);
            }
-            const output = await runTool(cmd, codeqlArgs);
+            const output = await runCli(cmd, codeqlArgs);
            try {
                return JSON.parse(output);
            }
@@ -471,22 +466,17 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (await util.codeQlVersionAtLeast(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
                codeqlArgs.push("--intra-layer-parallelism");
            }
-            await runTool(cmd, codeqlArgs);
+            await runCli(cmd, codeqlArgs);
        },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
            const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
-            const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics &&
-                !(await isDiagnosticsExportInvalidSarifFixed(this));
-            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
-                ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
-                : sarifFile;
            const codeqlArgs = [
                "database",
                "interpret-results",
                threadsFlag,
                "--format=sarif-latest",
                verbosityFlag,
-                `--output=${codeqlOutputFile}`,
+                `--output=${sarifFile}`,
                addSnippetsFlag,
                "--print-diagnostics-summary",
                "--print-metrics-summary",
@@ -494,6 +484,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                `--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(config)}`,
                "--sarif-group-rules-by-pack",
                ...(await getCodeScanningQueryHelpArguments(this)),
+                ...(await getJobRunUuidSarifOptions(this)),
                ...getExtraOptionsFromEnv(["database", "interpret-results"]),
            ];
            if (automationDetailsId !== undefined) {
@@ -521,13 +512,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            }
            // Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
            // logs to avoid printing it twice.
-            const analysisSummary = await runTool(cmd, codeqlArgs, {
+            return await runCli(cmd, codeqlArgs, {
                noStreamStdout: true,
            });
-            if (shouldWorkaroundInvalidNotifications) {
-                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
-            }
-            return analysisSummary;
        },
        async databasePrintBaseline(databasePath) {
            const codeqlArgs = [
@@ -536,7 +523,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...getExtraOptionsFromEnv(["database", "print-baseline"]),
                databasePath,
            ];
-            return await runTool(cmd, codeqlArgs);
+            return await runCli(cmd, codeqlArgs);
        },
        /**
         * Download specified packs into the package cache. If the specified
@@ -564,7 +551,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...getExtraOptionsFromEnv(["pack", "download"]),
                ...packs,
            ];
-            const output = await runTool(cmd, codeqlArgs);
+            const output = await runCli(cmd, codeqlArgs);
            try {
                const parsedOutput = JSON.parse(output);
                if (Array.isArray(parsedOutput.packs) &&
@@ -583,14 +570,17 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            }
        },
        async databaseCleanup(databasePath, cleanupLevel) {
+            const cacheCleanupFlag = (await util.codeQlVersionAtLeast(this, CODEQL_VERSION_CACHE_CLEANUP))
+                ? "--cache-cleanup"
+                : "--mode";
            const codeqlArgs = [
                "database",
                "cleanup",
                databasePath,
-                `--mode=${cleanupLevel}`,
+                `${cacheCleanupFlag}=${cleanupLevel}`,
                ...getExtraOptionsFromEnv(["database", "cleanup"]),
            ];
-            await runTool(cmd, codeqlArgs);
+            await runCli(cmd, codeqlArgs);
        },
        async databaseBundle(databasePath, outputFilePath, databaseName) {
            const args = [
@@ -603,18 +593,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            ];
            await new toolrunner.ToolRunner(cmd, args).exec();
        },
-        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
-            const shouldWorkaroundInvalidNotifications = !(await isDiagnosticsExportInvalidSarifFixed(this));
-            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
-                ? path.join(tempDir, "codeql-intermediate-results.sarif")
-                : sarifFile;
+        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId) {
            const args = [
                "database",
                "export-diagnostics",
                `${databasePath}`,
                "--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
                "--format=sarif-latest",
-                `--output=${codeqlOutputFile}`,
+                `--output=${sarifFile}`,
                "--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
                "-vvv",
                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@@ -623,10 +609,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                args.push("--sarif-category", automationDetailsId);
            }
            await new toolrunner.ToolRunner(cmd, args).exec();
-            if (shouldWorkaroundInvalidNotifications) {
-                // Fix invalid notifications in the SARIF file output by CodeQL.
-                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
-            }
        },
        async diagnosticsExport(sarifFile, automationDetailsId, config) {
            const args = [
@@ -680,7 +662,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (mergeRunsFromEqualCategory) {
                args.push("--sarif-merge-runs-from-equal-category");
            }
-            await runTool(cmd, args);
+            await runCli(cmd, args);
        },
    };
    // To ensure that status reports include the CodeQL CLI version wherever
@@ -760,48 +742,16 @@ function getExtraOptions(options, paths, pathInfo) {
        : getExtraOptions(options?.[paths[0]], paths?.slice(1), pathInfo.concat(paths[0]));
    return all.concat(specific);
 }
-/*
- * A constant defining the maximum number of characters we will keep from
- * the programs stderr for logging. This serves two purposes:
- * (1) It avoids an OOM if a program fails in a way that results it
- *     printing many log lines.
- * (2) It avoids us hitting the limit of how much data we can send in our
- *     status reports on GitHub.com.
- */
-const maxErrorSize = 20_000;
-async function runTool(cmd, args = [], opts = {}) {
-    let stdout = "";
-    let stderr = "";
-    process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
-    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
-        ignoreReturnCode: true,
-        listeners: {
-            stdout: (data) => {
-                stdout += data.toString("utf8");
-                if (!opts.noStreamStdout) {
-                    process.stdout.write(data);
-                }
-            },
-            stderr: (data) => {
-                let readStartIndex = 0;
-                // If the error is too large, then we only take the last 20,000 characters
-                if (data.length - maxErrorSize > 0) {
-                    // Eg: if we have 20,000 the start index should be 2.
-                    readStartIndex = data.length - maxErrorSize + 1;
-                }
-                stderr += data.toString("utf8", readStartIndex);
-                // Mimic the standard behavior of the toolrunner by writing stderr to stdout
-                process.stdout.write(data);
-            },
-        },
-        silent: true,
-        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
-    }).exec();
-    if (exitCode !== 0) {
-        const e = new cli_errors_1.CommandInvocationError(cmd, args, exitCode, stderr, stdout);
-        throw (0, cli_errors_1.wrapCliConfigurationError)(e);
+async function runCli(cmd, args = [], opts = {}) {
+    try {
+        return await (0, actions_util_1.runTool)(cmd, args, opts);
+    }
+    catch (e) {
+        if (e instanceof actions_util_1.CommandInvocationError) {
+            throw (0, cli_errors_1.wrapCliConfigurationError)(new cli_errors_1.CliError(e));
+        }
+        throw e;
    }
-    return stdout;
 }
 /**
 * Generates a code scanning configuration that is to be used for a scan.
@@ -813,7 +763,7 @@ async function runTool(cmd, args = [], opts = {}) {
 async function generateCodeScanningConfig(config, logger) {
    const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
    // make a copy so we can modify it
-    const augmentedConfig = cloneObject(config.originalUserInput);
+    const augmentedConfig = (0, util_1.cloneObject)(config.originalUserInput);
    // Inject the queries from the input
    if (config.augmentationProperties.queriesInput) {
        if (config.augmentationProperties.queriesInputCombines) {
@@ -857,9 +807,6 @@ async function generateCodeScanningConfig(config, logger) {
    fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig));
    return codeScanningConfigFile;
 }
-function cloneObject(obj) {
-    return JSON.parse(JSON.stringify(obj));
-}
 // This constant sets the size of each TRAP cache in megabytes.
 const TRAP_CACHE_SIZE_MB = 1024;
 async function getTrapCachingExtractorConfigArgs(config) {
@@ -887,9 +834,6 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) {
 function getGeneratedCodeScanningConfigPath(config) {
    return path.resolve(config.tempDir, "user-config.yaml");
 }
-async function isDiagnosticsExportInvalidSarifFixed(codeql) {
-    return await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
-}
 async function getLanguageAliasingArguments(codeql) {
    if (await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) {
        return ["--extractor-include-aliases"];
@@ -929,4 +873,11 @@ function applyAutobuildAzurePipelinesTimeoutFix() {
        "-Dmaven.wagon.http.pool=false",
    ].join(" ");
 }
+async function getJobRunUuidSarifOptions(codeql) {
+    const jobRunUuid = process.env[environment_1.EnvVar.JOB_RUN_UUID];
+    return jobRunUuid &&
+        (await codeql.supportsFeature(tools_features_1.ToolsFeature.DatabaseInterpretResultsSupportsSarifRunProperty))
+        ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`]
+        : [];
+}
 //# sourceMappingURL=codeql.js.map
@@ -40,6 +40,7 @@ const actionsUtil = __importStar(require("./actions-util"));
 const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
 const defaults = __importStar(require("./defaults.json"));
+const doc_url_1 = require("./doc-url");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const setup_codeql_1 = require("./setup-codeql");
@@ -59,7 +60,7 @@ async function installIntoToolcache({ apiDetails = testing_utils_1.SAMPLE_DOTCOM
    const url = (0, testing_utils_1.mockBundleDownloadApi)({ apiDetails, isPinned, tagName });
    await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, cliVersion !== undefined
        ? { cliVersion, tagName }
-        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
 }
 function mockReleaseApi({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, assetNames, tagName, }) {
    return (0, nock_1.default)(apiDetails.apiURL)
@@ -96,11 +97,11 @@ function mockApiDetails(apiDetails) {
                tagName: `codeql-bundle-${version}`,
                isPinned: false,
            });
-            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
            t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
            t.is(result.toolsVersion, `0.0.0-${version}`);
            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+            t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
        }
        t.is(toolcache.findAllVersions("CodeQL").length, 2);
    });
@@ -112,12 +113,12 @@ function mockApiDetails(apiDetails) {
            tagName: `codeql-bundle-v2.14.0`,
            isPinned: false,
        });
-        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        t.is(toolcache.findAllVersions("CodeQL").length, 1);
        t.assert(toolcache.find("CodeQL", `2.14.0`));
        t.is(result.toolsVersion, `2.14.0`);
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
    });
 });
 (0, ava_1.default)("downloads an explicitly requested bundle even if a different version is cached", async (t) => {
@@ -131,46 +132,37 @@ function mockApiDetails(apiDetails) {
        const url = (0, testing_utils_1.mockBundleDownloadApi)({
            tagName: "codeql-bundle-20200610",
        });
-        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
        t.deepEqual(result.toolsVersion, "0.0.0-20200610");
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
    });
 });
 const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
    {
-        cliVersion: "2.10.0",
-        expectedToolcacheVersion: "2.10.0-20200610",
+        tagName: "codeql-bundle-2.17.6",
+        expectedToolcacheVersion: "2.17.6",
    },
    {
-        cliVersion: "2.10.0-pre",
-        expectedToolcacheVersion: "0.0.0-20200610",
-    },
-    {
-        cliVersion: "2.10.0+202006100101",
-        expectedToolcacheVersion: "0.0.0-20200610",
+        tagName: "codeql-bundle-20240805",
+        expectedToolcacheVersion: "0.0.0-20240805",
    },
 ];
-for (const { cliVersion, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
-    (0, ava_1.default)(`caches an explicitly requested bundle containing CLI ${cliVersion} as ${expectedToolcacheVersion}`, async (t) => {
+for (const { tagName, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
+    (0, ava_1.default)(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => {
        await util.withTmpDir(async (tmpDir) => {
            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
            mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
            sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
-            const releaseApiMock = mockReleaseApi({
-                assetNames: [`cli-version-${cliVersion}.txt`],
-                tagName: "codeql-bundle-20200610",
-            });
            const url = (0, testing_utils_1.mockBundleDownloadApi)({
-                tagName: "codeql-bundle-20200610",
+                tagName,
            });
-            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
-            t.assert(releaseApiMock.isDone(), "Releases API should have been called");
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
            t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
-            t.deepEqual(result.toolsVersion, cliVersion);
+            t.deepEqual(result.toolsVersion, expectedToolcacheVersion);
            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+            t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
        });
    });
 }
@@ -189,10 +181,10 @@ for (const toolcacheVersion of [
                .withArgs("CodeQL", toolcacheVersion)
                .returns("path/to/cached/codeql");
            sinon.stub(toolcache, "findAllVersions").returns([toolcacheVersion]);
-            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
            t.is(result.toolsVersion, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-            t.is(result.toolsDownloadDurationMs, undefined);
+            t.is(result.toolsDownloadStatusReport?.downloadDurationMs, undefined);
        });
    });
 }
@@ -207,10 +199,10 @@ for (const toolcacheVersion of [
        const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
            cliVersion: defaults.cliVersion,
            tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), false);
+        }, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, "0.0.0-20200601");
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-        t.is(result.toolsDownloadDurationMs, undefined);
+        t.is(result.toolsDownloadStatusReport?.downloadDurationMs, undefined);
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 1);
    });
@@ -229,10 +221,10 @@ for (const toolcacheVersion of [
        const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
            cliVersion: defaults.cliVersion,
            tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), false);
+        }, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, defaults.cliVersion);
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 2);
    });
@@ -248,10 +240,10 @@ for (const toolcacheVersion of [
        (0, testing_utils_1.mockBundleDownloadApi)({
            tagName: defaults.bundleVersion,
        });
-        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, defaults.cliVersion);
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 2);
    });
@@ -262,7 +254,7 @@ for (const toolcacheVersion of [
        mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
        sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
        const releasesApiMock = mockReleaseApi({
-            assetNames: ["cli-version-2.12.6.txt"],
+            assetNames: ["cli-version-2.13.5.txt"],
            tagName: "codeql-bundle-20230203",
        });
        (0, testing_utils_1.mockBundleDownloadApi)({
@@ -270,10 +262,10 @@ for (const toolcacheVersion of [
            platformSpecific: false,
            tagName: "codeql-bundle-20230203",
        });
-        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true), false);
        t.is(result.toolsVersion, "0.0.0-20230203");
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.true(Number.isInteger(result.toolsDownloadDurationMs));
+        t.true(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 1);
        t.is(cachedVersions[0], "0.0.0-20230203");
@@ -315,7 +307,7 @@ const injectedConfigMacro = ava_1.default.macro({
                tempDir,
                augmentationProperties,
            };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true));
            const args = runnerConstructorStub.firstCall.args[1];
            // should have used an config file
            const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -450,8 +442,8 @@ const injectedConfigMacro = ava_1.default.macro({
    await util.withTmpDir(async (tempDir) => {
        const runnerConstructorStub = stubToolRunnerConstructor();
        const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        // should have used a config file
        const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -465,9 +457,9 @@ const injectedConfigMacro = ava_1.default.macro({
    await util.withTmpDir(async (tempDir) => {
        const runnerConstructorStub = stubToolRunnerConstructor();
        const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
-        (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
        t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
@@ -496,7 +488,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
        codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
        githubVersion: {
            type: util.GitHubVariant.GHES,
-            version: "3.9.0",
+            version: "3.10.0",
        },
        flagPassed: true,
        negativeFlagPassed: false,
@@ -521,25 +513,12 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
        sinon.stub(codeqlObject, "getVersion").resolves(codeqlVersion);
        // safeWhich throws because of the test CodeQL object.
        sinon.stub(safeWhich, "safeWhich").resolves("");
-        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]));
        const actualArgs = runnerConstructorStub.firstCall.args[1];
        t.is(actualArgs.includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
        t.is(actualArgs.includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
    });
 }
-(0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
-    const cliMessage = "CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
-        "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
-    stubToolRunnerConstructor(32, cliMessage);
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
-        message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
-            `Exit code was 32 and last log line was: ${cliMessage} See the logs for more details.`,
-    });
-});
 (0, ava_1.default)("runTool summarizes several fatal errors", async (t) => {
    const heapError = "A fatal error occurred: Evaluator heap must be at least 384.00 MiB";
    const datasetImportError = "A fatal error occurred: Dataset import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2";
@@ -547,7 +526,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
        `${heapError}\n${datasetImportError}.`;
    stubToolRunnerConstructor(32, cliStderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@@ -569,15 +548,14 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
  `;
    stubToolRunnerConstructor(1, stderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
-        instanceOf: cli_errors_1.CommandInvocationError,
+        instanceOf: util.ConfigurationError,
        message: "We were unable to automatically build your code. Please provide manual build steps. " +
-            "For more information, see " +
-            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed. " +
+            `See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
            "Encountered the following error: Start of the error message\n" +
            "  Some more context about the error message\n" +
            "  continued\n" +
@@ -588,24 +566,42 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
    const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n");
    stubToolRunnerConstructor(1, stderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
-        instanceOf: cli_errors_1.CommandInvocationError,
+        instanceOf: util.ConfigurationError,
        message: "We were unable to automatically build your code. Please provide manual build steps. " +
-            "For more information, see " +
-            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed. " +
+            `See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
            "Encountered the following error: " +
            `${Array.from({ length: 10 }, (_, i) => `line${i + 1}`).join("\n")}\n(truncated)`,
    });
 });
+(0, ava_1.default)("runTool recognizes fatal internal errors", async (t) => {
+    const stderr = `
+    [11/31 eval 8m19s] Evaluation done; writing results to codeql/go-queries/Security/CWE-020/MissingRegexpAnchor.bqrs.
+    Oops! A fatal internal error occurred. Details:
+    com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
+    Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk`;
+    stubToolRunnerConstructor(1, stderr);
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
+    // safeWhich throws because of the test CodeQL object.
+    sinon.stub(safeWhich, "safeWhich").resolves("");
+    await t.throwsAsync(async () => await codeqlObject.databaseRunQueries(stubConfig.dbLocation, []), {
+        instanceOf: cli_errors_1.CliError,
+        message: `Encountered a fatal error while running "codeql-for-testing database run-queries  --expect-discarded-cache --min-disk-free=1024 -v --intra-layer-parallelism". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
+    com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
+    Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk. See the logs for more details.`,
+    });
+});
 (0, ava_1.default)("runTool outputs last line of stderr if fatal error could not be found", async (t) => {
    const cliStderr = "line1\nline2\nline3\nline4\nline5";
    stubToolRunnerConstructor(32, cliStderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@@ -617,12 +613,12 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
 (0, ava_1.default)("Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =
        '{ "database": { "init": ["--overwrite"] } }';
-    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(false));
+    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, logging_1.getRunnerLogger)(false));
    t.true(runnerConstructorStub.calledOnce);
    const args = runnerConstructorStub.firstCall.args[1];
    t.is(args.filter((option) => option === "--overwrite").length, 1, "--overwrite should only be passed once");
@@ -42,6 +42,7 @@ exports.parsePacksFromInput = parsePacksFromInput;
 exports.parsePacksSpecification = parsePacksSpecification;
 exports.validatePackSpecification = validatePackSpecification;
 exports.initConfig = initConfig;
+exports.parseRegistriesWithoutCredentials = parseRegistriesWithoutCredentials;
 exports.getPathToParsedConfigFile = getPathToParsedConfigFile;
 exports.getConfig = getConfig;
 exports.generateRegistries = generateRegistries;
@@ -419,7 +420,7 @@ function parsePacksSpecification(packStr) {
        try {
            new semver.Range(version);
        }
-        catch (e) {
+        catch {
            // The range string is invalid. OK to ignore the caught error
            throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
        }
@@ -503,10 +504,16 @@ function parseRegistries(registriesInput) {
            ? yaml.load(registriesInput)
            : undefined;
    }
-    catch (e) {
+    catch {
        throw new util_1.ConfigurationError("Invalid registries input. Must be a YAML string.");
    }
 }
+function parseRegistriesWithoutCredentials(registriesInput) {
+    return parseRegistries(registriesInput)?.map((r) => {
+        const { url, packages } = r;
+        return { url, packages };
+    });
+}
 function isLocal(configPath) {
    // If the path starts with ./, look locally
    if (configPath.indexOf("./") === 0) {
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kBAuBC;AA7BD,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAmD;AACnD,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,wBAGkB;IAElB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}