Merge pull request #3043 from github/mergeback/v3.29.10-to-main-96f518a3

Mergeback v3.29.10 refs/heads/releases/v3 into main
Update checked-in dependencies
2026-05-04 04:40:09 +00:00 · 2025-08-18 13:22:40 +01:00 · 2025-08-18 12:00:29 +00:00 · 2025-08-18 11:46:17 +00:00 · 2025-08-18 12:45:49 +01:00 · 2025-08-18 09:58:01 +00:00
111 changed files with 955 additions and 342 deletions
@@ -1,5 +1,21 @@
 # CodeQL Action - Copilot Instructions

+## Generated code
+
 The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.

-GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that start with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.
+
+## Release process
+
+- A release-PR is a PR which matches all of the following patterns:
+  - PR title starts with the exact prefix: `Merge main into releases/v`
+    - Equivalent regex: `^Merge main into releases\/v`
+  - AND head (source) branch matches the update-branch pattern:
+    - Regex: `^update-v[0-9]+(?:\.[0-9]+)*(?:-[a-f0-9]+)?` (e.g. `update-v3.29.9-cc722e476`)
+  - AND base (target) branch matches a release branch:
+    - Regex: `^releases\/v` (e.g. `releases/v3`)
+
+- Consider all files in release-PRs to have already been reviewed and do not review them, except for the following two files:
+    - `CHANGELOG.md`
+    - `package.json`
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  all-platform-bundle:
    strategy:
@@ -37,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - id: init
        uses: ./../action/init
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  analyze-ref-input:
    strategy:
@@ -41,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  autobuild-action:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
+  workflow_call:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
 jobs:
  autobuild-direct-tracing-with-working-dir:
    strategy:
@@ -43,7 +56,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -51,6 +64,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ inputs.java-version || '17' }}
+          distribution: temurin
      - name: Test setup
        shell: bash
        run: |
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
+  workflow_call:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
 jobs:
  autobuild-direct-tracing:
    strategy:
@@ -43,7 +56,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -51,6 +64,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ inputs.java-version || '17' }}
+          distribution: temurin
      - name: Set up Java test repo configuration
        shell: bash
        run: |
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  build-mode-autobuild:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  build-mode-manual:
    strategy:
@@ -37,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        id: init
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  build-mode-none:
    strategy:
@@ -39,7 +42,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  build-mode-rollback:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  bundle-toolcache:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  bundle-zstd:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  cleanup-db-cluster-dir:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  config-export:
    strategy:
@@ -47,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  config-input:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  cpp-deptrace-disabled:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  cpp-deptrace-enabled-on-macos:
    strategy:
@@ -39,7 +42,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  cpp-deptrace-enabled:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  diagnostics-export:
    strategy:
@@ -47,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  export-file-baseline-information:
    strategy:
@@ -41,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        id: init
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  extractor-ram-threads:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-custom-queries:
    strategy:
@@ -39,7 +52,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -50,7 +63,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-indirect-tracing-workaround-diagnostic:
    strategy:
@@ -37,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-indirect-tracing-workaround-no-file-program:
    strategy:
@@ -37,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - name: Remove `file` program
        run: |
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-indirect-tracing-workaround:
    strategy:
@@ -37,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-tracing-autobuilder:
    strategy:
@@ -67,7 +80,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-tracing-custom-build-steps:
    strategy:
@@ -67,7 +80,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  go-tracing-legacy-workflow:
    strategy:
@@ -67,7 +80,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -0,0 +1,77 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pr-checks/sync.sh
+# to regenerate this file.
+
+name: Manual Check - go
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    paths:
+      - .github/workflows/__go.yml
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+jobs:
+  go-custom-queries:
+    name: 'Go: Custom queries'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-custom-queries.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-indirect-tracing-workaround-diagnostic:
+    name: 'Go: diagnostic when Go is changed after init step'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-indirect-tracing-workaround-no-file-program:
+    name: 'Go: diagnostic when `file` is not installed'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-indirect-tracing-workaround:
+    name: 'Go: workaround for indirect tracing'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-indirect-tracing-workaround.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-tracing-autobuilder:
+    name: 'Go: tracing with autobuilder step'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-tracing-autobuilder.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-tracing-custom-build-steps:
+    name: 'Go: tracing with custom build steps'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-tracing-custom-build-steps.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-tracing-legacy-workflow:
+    name: 'Go: tracing with legacy workflow'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-tracing-legacy-workflow.yml
+    with:
+      go-version: ${{ inputs.go-version }}
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  init-with-registries:
    strategy:
@@ -54,7 +57,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  javascript-source-root:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  job-run-uuid-sarif:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  language-aliases:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  multi-language-autodetect:
    strategy:
@@ -67,7 +80,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        id: init
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  overlay-init-fallback:
    strategy:
@@ -39,7 +42,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  packaging-codescanning-config-inputs-js:
    strategy:
@@ -53,7 +66,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  packaging-config-inputs-js:
    strategy:
@@ -53,7 +66,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  packaging-config-js:
    strategy:
@@ -53,7 +66,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  packaging-inputs-js:
    strategy:
@@ -53,7 +66,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  quality-queries:
    strategy:
@@ -47,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  remote-config:
    strategy:
@@ -39,7 +52,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -50,7 +63,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  resolve-environment-action:
    strategy:
@@ -53,7 +56,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  rubocop-multi-language:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  ruby:
    strategy:
@@ -47,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  rust:
    strategy:
@@ -45,7 +48,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  split-workflow:
    strategy:
@@ -47,7 +60,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -58,7 +71,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  start-proxy:
    strategy:
@@ -41,7 +44,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  submit-sarif-failure:
    strategy:
@@ -42,7 +45,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -50,7 +53,7 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - uses: ./init
        with:
          languages: javascript
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  swift-autobuild:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  swift-custom-build:
    strategy:
@@ -41,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        id: init
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  test-autobuild-working-dir:
    strategy:
@@ -37,7 +40,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  test-local-codeql:
    strategy:
@@ -37,7 +50,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - name: Fetch a CodeQL bundle
        shell: bash
@@ -20,7 +20,10 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
  test-proxy:
    strategy:
@@ -51,7 +54,7 @@ jobs:
          apt install -y gh
        env: {}
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  unset-environment:
    strategy:
@@ -39,7 +52,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -50,7 +63,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        id: init
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  upload-quality-sarif:
    strategy:
@@ -41,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  upload-ref-sha-input:
    strategy:
@@ -41,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - uses: ./../action/init
        with:
@@ -20,7 +20,20 @@ on:
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
  with-checkout-path:
    strategy:
@@ -41,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v5
        with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - name: Delete original checkout
        shell: bash
@@ -63,7 +76,7 @@ jobs:
          rm -rf ./* .github .git
  # Check out the actions repo again, but at a different location.
  # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
          path: x/y/z/some-path
@@ -18,7 +18,7 @@ jobs:

    steps:
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Check Expected Release Files
        run: |
          bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
@@ -27,7 +27,7 @@ jobs:
      contents: read

    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
    - name: Init with default CodeQL bundle from the VM image
      id: init-default
      uses: ./init
@@ -85,7 +85,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
    - name: Initialize CodeQL
      uses: ./init
      id: init
@@ -114,7 +114,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
    - name: Initialize CodeQL
      uses: ./init
      with:
@@ -54,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
@@ -39,7 +39,7 @@ jobs:
      - name: Dump GitHub event
        run: cat "${GITHUB_EVENT_PATH}"
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -73,7 +73,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
      - name: Check expected artifacts exist
        shell: bash
        run: |
@@ -35,7 +35,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -67,7 +67,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
      - name: Check expected artifacts exist
        shell: bash
        run: |
@@ -27,7 +27,7 @@ jobs:
      security-events: read
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
@@ -40,7 +40,7 @@ jobs:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "${GITHUB_CONTEXT}"

-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0  # ensure we have all tags and can push commits
      - uses: actions/setup-node@v4
@@ -168,7 +168,7 @@ jobs:
            --draft

      - name: Generate token
-        uses: actions/create-github-app-token@v2.0.6
+        uses: actions/create-github-app-token@v2.1.1
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
@@ -22,7 +22,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: Lint
        id: lint
@@ -46,7 +46,7 @@ jobs:
    timeout-minutes: 45

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - name: Check node modules up to date
        run: .github/workflows/script/check-node-modules.sh

@@ -60,7 +60,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5

      - name: Set up Python
        uses: actions/setup-python@v5
@@ -85,7 +85,7 @@ jobs:
    timeout-minutes: 45

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - name: npm test
        run: |
          # Run any commands referenced in package.json using Bash, otherwise
@@ -105,7 +105,7 @@ jobs:
      contents: read

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
      - id: head-version
        name: Verify all Actions use the same Node version
        run: |
@@ -120,7 +120,7 @@ jobs:
      - id: checkout-base
        name: 'Backport: Check out base ref'
        if: ${{ startsWith(github.head_ref, 'backport-') }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          ref: ${{ env.BASE_REF }}

@@ -28,7 +28,7 @@ jobs:
          fi
      - name: Checking out
        if: steps.check.outputs.is-action-release == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Publish
        if: steps.check.outputs.is-action-release == 'true'
        id: publish
@@ -26,7 +26,7 @@ jobs:
      with:
        python-version: 3.12

-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5

    - name: Prepare test
      uses: ./.github/actions/prepare-test
@@ -24,7 +24,7 @@ jobs:
      contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository.
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
@@ -16,7 +16,7 @@ jobs:
      pull-requests: write # needed to comment on the PR
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.ref || github.event.ref }}
@@ -32,7 +32,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
@@ -29,7 +29,7 @@ jobs:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "$GITHUB_CONTEXT"

-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5

      - name: Update git config
        run: |
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write # needed to comment on the PR
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5

    - name: Remove PR label
      env:
@@ -40,7 +40,7 @@ jobs:
        uses: actions/setup-node@v4

      - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          fetch-depth: 0  # ensure we have all tags and can push commits
          ref: main
@@ -25,7 +25,7 @@ jobs:
    permissions:
      contents: read
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
      with:
        fetch-depth: 0  # Need full history for calculation of diffs
    - uses: ./.github/actions/release-initialise
@@ -69,7 +69,7 @@ jobs:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull request
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
      with:
        fetch-depth: 0  # Need full history for calculation of diffs
    - uses: ./.github/actions/release-initialise
@@ -124,14 +124,14 @@ jobs:
      pull-requests: write # needed to create pull request
    steps:
    - name: Generate token
-      uses: actions/create-github-app-token@v2.0.6
+      uses: actions/create-github-app-token@v2.1.1
      id: app-token
      with:
        app-id: ${{ vars.AUTOMATION_APP_ID }}
        private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
      with:
        fetch-depth: 0  # Need full history for calculation of diffs
        token: ${{ steps.app-token.outputs.token }}
@@ -21,9 +21,9 @@ jobs:
        with:
          python-version: "3.13"
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
      - name: Checkout Enterprise Releases
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
        with:
          repository: github/enterprise-releases
          token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}
@@ -2,6 +2,14 @@

 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

+## [UNRELEASED]
+
+No user facing changes.
+
+## 3.29.10 - 18 Aug 2025
+
+No user facing changes.
+
 ## 3.29.9 - 12 Aug 2025

 No user facing changes.
@@ -186,7 +186,7 @@ async function run() {
            delete process.env.CODEQL_PROXY_PORT;
            delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
        }
-        if (actionsUtil.getOptionalInput("cleanup-level") !== "") {
+        if (actionsUtil.getOptionalInput("cleanup-level")) {
            logger.info("The 'cleanup-level' input is ignored since the CodeQL Action now automatically " +
                "manages database cleanup. This input can safely be removed from your workflow.");
        }
@@ -93,5 +93,9 @@ var EnvVar;
     * Useful for testing purposes where multiple caches may be stored in the same repository.
     */
    EnvVar["DEPENDENCY_CACHING_PREFIX"] = "CODEQL_ACTION_DEPENDENCY_CACHE_PREFIX";
+    /**
+     * Whether to enable experimental extractors for CodeQL.
+     */
+    EnvVar["EXPERIMENTAL_FEATURES"] = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
 })(EnvVar || (exports.EnvVar = EnvVar = {}));
 //# sourceMappingURL=environment.js.map
@@ -1 +1 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MA8GX;AA9GD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD,kFAAkF;IAClF,+EAAqE,CAAA;IAErE;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD,8DAA8D;IAC9D,6EAAmE,CAAA;IAEnE;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;IAE9C;;;;OAIG;IACH,iEAAuD,CAAA;IAEvD;;;OAGG;IACH,6EAAmE,CAAA;AACrE,CAAC,EA9GW,MAAM,sBAAN,MAAM,QA8GjB"}
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MAmHX;AAnHD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD,kFAAkF;IAClF,+EAAqE,CAAA;IAErE;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD,8DAA8D;IAC9D,6EAAmE,CAAA;IAEnE;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;IAE9C;;;;OAIG;IACH,iEAAuD,CAAA;IAEvD;;;OAGG;IACH,6EAAmE,CAAA;IAEnE;;OAEG;IACH,uEAA6D,CAAA;AAC/D,CAAC,EAnHW,MAAM,sBAAN,MAAM,QAmHjB"}
@@ -59,7 +59,6 @@ exports.CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0";
 var Feature;
 (function (Feature) {
    Feature["CleanupTrapCaches"] = "cleanup_trap_caches";
-    Feature["CppBuildModeNone"] = "cpp_build_mode_none";
    Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
    Feature["DiffInformedQueries"] = "diff_informed_queries";
    Feature["DisableCsharpBuildless"] = "disable_csharp_buildless";
@@ -89,7 +88,6 @@ var Feature;
    Feature["OverlayAnalysisSwift"] = "overlay_analysis_swift";
    Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
    Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
-    Feature["RustAnalysis"] = "rust_analysis";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
    [Feature.CleanupTrapCaches]: {
@@ -97,11 +95,6 @@ exports.featureConfig = {
        envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",
        minimumVersion: undefined,
    },
-    [Feature.CppBuildModeNone]: {
-        defaultValue: false,
-        envVar: "CODEQL_EXTRACTOR_CPP_BUILD_MODE_NONE",
-        minimumVersion: undefined,
-    },
    [Feature.CppDependencyInstallation]: {
        defaultValue: false,
        envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
@@ -247,11 +240,6 @@ exports.featureConfig = {
        minimumVersion: undefined,
        toolsFeature: tools_features_1.ToolsFeature.PythonDefaultIsToNotExtractStdlib,
    },
-    [Feature.RustAnalysis]: {
-        defaultValue: false,
-        envVar: "CODEQL_ACTION_RUST_ANALYSIS",
-        minimumVersion: "2.19.3",
-    },
    [Feature.QaTelemetryEnabled]: {
        defaultValue: false,
        envVar: "CODEQL_ACTION_QA_TELEMETRY",
@@ -85,7 +85,7 @@ const workflow = __importStar(require("./workflow"));
    const actionsWorkflow = createTestWorkflow([
        {
            name: "Checkout repository",
-            uses: "actions/checkout@v4",
+            uses: "actions/checkout@v5",
        },
        {
            name: "Initialize CodeQL",
@@ -108,7 +108,7 @@ const workflow = __importStar(require("./workflow"));
    const actionsWorkflow = createTestWorkflow([
        {
            name: "Checkout repository",
-            uses: "actions/checkout@v4",
+            uses: "actions/checkout@v5",
        },
        {
            name: "Initialize CodeQL",
@@ -134,7 +134,7 @@ const workflow = __importStar(require("./workflow"));
    const actionsWorkflow = createTestWorkflow([
        {
            name: "Checkout repository",
-            uses: "actions/checkout@v4",
+            uses: "actions/checkout@v5",
        },
        {
            name: "Initialize CodeQL",
@@ -187,7 +187,7 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
        const actionsWorkflow = createTestWorkflow([
            {
                name: "Checkout repository",
-                uses: "actions/checkout@v4",
+                uses: "actions/checkout@v5",
            },
            {
                name: "Initialize CodeQL",
@@ -218,7 +218,7 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
    const actionsWorkflow = createTestWorkflow([
        {
            name: "Checkout repository",
-            uses: "actions/checkout@v4",
+            uses: "actions/checkout@v5",
        },
        {
            name: "Initialize CodeQL",
@@ -244,7 +244,7 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
    const actionsWorkflow = createTestWorkflow([
        {
            name: "Checkout repository",
-            uses: "actions/checkout@v4",
+            uses: "actions/checkout@v5",
        },
        {
            name: "Initialize CodeQL",
@@ -271,7 +271,7 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
    const actionsWorkflow = createTestWorkflow([
        {
            name: "Checkout repository",
-            uses: "actions/checkout@v4",
+            uses: "actions/checkout@v5",
        },
    ]);
    const result = await testFailedSarifUpload(t, actionsWorkflow, {
@@ -196,32 +196,26 @@ async function run() {
            logger.warning(`Unable to validate code scanning workflow: ${validateWorkflowResult}`);
        }
        core.endGroup();
-        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for Rust. We need to set this environment
-        // variable before initializing the config, otherwise Rust analysis will not be
-        // enabled.
+        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for Rust if between 2.19.3 (included) and 2.22.1 (excluded)
+        // We need to set this environment variable before initializing the config, otherwise Rust
+        // analysis will not be enabled (experimental language packs are only active with that environment
+        // variable set to `true`).
        if (
-        // Only enable Rust analysis if the user has explicitly requested it - don't
-        // enable it via language autodetection.
+        // Only enable the experimental features env variable for Rust analysis if the user has explicitly
+        // requested rust - don't enable it via language autodetection.
        configUtils
            .getRawLanguagesNoAutodetect((0, actions_util_1.getOptionalInput)("languages"))
            .includes(languages_1.KnownLanguage.rust)) {
-            const feat = feature_flags_1.Feature.RustAnalysis;
-            const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
-            const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
-            // if in default setup, it means the feature flag was on when rust was enabled
-            // if the feature flag gets turned off, let's not have rust analysis throwing a configuration error
-            // in that case rust analysis will be disabled only when default setup is refreshed
-            if ((0, actions_util_1.isDefaultSetup)() || (await features.getValue(feat, codeql))) {
-                core.exportVariable(envVar, "true");
-            }
-            if (process.env[envVar] !== "true") {
-                throw new util_1.ConfigurationError(`Experimental and not officially supported Rust analysis requires setting ${envVar}=true in the environment`);
-            }
+            const experimental = "2.19.3";
+            const publicPreview = "2.22.1";
            const actualVer = (await codeql.getVersion()).version;
-            if (semver.lt(actualVer, minVer)) {
-                throw new util_1.ConfigurationError(`Experimental rust analysis is supported by CodeQL CLI version ${minVer} or higher, but found version ${actualVer}`);
+            if (semver.lt(actualVer, experimental)) {
+                throw new util_1.ConfigurationError(`Rust analysis is supported by CodeQL CLI version ${experimental} or higher, but found version ${actualVer}`);
+            }
+            if (semver.lt(actualVer, publicPreview)) {
+                core.exportVariable(environment_1.EnvVar.EXPERIMENTAL_FEATURES, "true");
+                logger.info("Experimental Rust analysis enabled");
            }
-            logger.info("Experimental rust analysis enabled");
        }
        config = await (0, init_1.initConfig)({
            languagesInput: (0, actions_util_1.getOptionalInput)("languages"),
@@ -400,35 +394,6 @@ async function run() {
                core.exportVariable(envVar, "false");
            }
        }
-        // Set CODEQL_EXTRACTOR_CPP_BUILD_MODE_NONE
-        if (config.languages.includes(languages_1.KnownLanguage.cpp)) {
-            const bmnVar = "CODEQL_EXTRACTOR_CPP_BUILD_MODE_NONE";
-            const value = process.env[bmnVar] ||
-                (await features.getValue(feature_flags_1.Feature.CppBuildModeNone, codeql));
-            logger.info(`Setting C++ build-mode: none to ${value}`);
-            core.exportVariable(bmnVar, value);
-        }
-        // For rust: set CODEQL_ENABLE_EXPERIMENTAL_FEATURES, unless codeql already supports rust without it
-        if (config.languages.includes(languages_1.KnownLanguage.rust) &&
-            !(await codeql.resolveLanguages()).rust) {
-            const feat = feature_flags_1.Feature.RustAnalysis;
-            const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
-            const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
-            // if in default setup, it means the feature flag was on when rust was enabled
-            // if the feature flag gets turned off, let's not have rust analysis throwing a configuration error
-            // in that case rust analysis will be disabled only when default setup is refreshed
-            if ((0, actions_util_1.isDefaultSetup)() || (await features.getValue(feat, codeql))) {
-                core.exportVariable(envVar, "true");
-            }
-            if (process.env[envVar] !== "true") {
-                throw new util_1.ConfigurationError(`Experimental and not officially supported Rust analysis requires setting ${envVar}=true in the environment`);
-            }
-            const actualVer = (await codeql.getVersion()).version;
-            if (semver.lt(actualVer, minVer)) {
-                throw new util_1.ConfigurationError(`Experimental rust analysis is supported by CodeQL CLI version ${minVer} or higher, but found version ${actualVer}`);
-            }
-            logger.info("Experimental rust analysis enabled");
-        }
        // Restore dependency cache(s), if they exist.
        if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
            await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
@@ -53,6 +53,21 @@ var OverlayDatabaseMode;
    OverlayDatabaseMode["None"] = "none";
 })(OverlayDatabaseMode || (exports.OverlayDatabaseMode = OverlayDatabaseMode = {}));
 exports.CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.3";
+/**
+ * The maximum (uncompressed) size of the overlay base database that we will
+ * upload. Actions Cache has an overall capacity of 10 GB, and the Actions Cache
+ * client library uses zstd compression.
+ *
+ * Ideally we would apply a size limit to the compressed overlay-base database,
+ * but we cannot do so because compression is handled transparently by the
+ * Actions Cache client library. Instead we place a limit on the uncompressed
+ * size of the overlay-base database.
+ *
+ * Assuming 2.5:1 compression ratio, the 6 GB limit on uncompressed data would
+ * translate to a limit of around 2.4 GB after compression.
+ */
+const OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 6000;
+const OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1_000_000;
 /**
 * Writes a JSON file containing Git OIDs for all tracked files (represented
 * by path relative to the source root) under the source root. The file is
@@ -192,6 +207,19 @@ async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
        await codeql.databaseCleanupCluster(config, "overlay");
    });
    const dbLocation = config.dbLocation;
+    const databaseSizeBytes = await (0, util_1.tryGetFolderBytes)(dbLocation, logger);
+    if (databaseSizeBytes === undefined) {
+        logger.warning("Failed to determine database size. " +
+            "Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    if (databaseSizeBytes > OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES) {
+        const databaseSizeMB = Math.round(databaseSizeBytes / 1_000_000);
+        logger.warning(`Database size (${databaseSizeMB} MB) ` +
+            `exceeds maximum upload size (${OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB} MB). ` +
+            "Skip uploading overlay-base database to cache.");
+        return false;
+    }
    const codeQlVersion = (await codeql.getVersion()).version;
    const checkoutPath = (0, actions_util_1.getRequiredInput)("checkout_path");
    const cacheKey = await generateCacheKey(config, codeQlVersion, checkoutPath);
@@ -622,7 +622,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
        response.data.errors.length === 1 &&
        // eslint-disable-next-line @typescript-eslint/no-unsafe-call
        response.data.errors[0].toString().startsWith("unsuccessful execution")) {
-        logger.debug("Successfully uploaded a SARIF file for the unsuccessful execution. Received expected " +
+        logger.info("Successfully uploaded a SARIF file for the unsuccessful execution. Received expected " +
            '"unsuccessful execution" processing error, and no other errors.');
    }
    else if (status === "failed") {
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "3.29.9",
+  "version": "3.29.11",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "3.29.9",
+  "version": "3.29.11",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "3.29.9",
+      "version": "3.29.11",
      "license": "MIT",
      "dependencies": {
        "@actions/artifact": "^2.3.1",
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "3.29.9",
+  "version": "3.29.11",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
@@ -5,6 +5,7 @@ description: >
  autobuild Action.
 operatingSystems: ["ubuntu", "windows"]
 versions: ["linked", "nightly-latest"]
+installJava: "true"
 env:
  CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
 steps:
@@ -2,6 +2,7 @@ name: "Autobuild direct tracing"
 description: "An end-to-end integration test of a Java repository built using 'build-mode: autobuild', with direct tracing enabled"
 operatingSystems: ["ubuntu", "windows"]
 versions: ["linked", "nightly-latest"]
+installJava: "true"
 env:
  CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
 steps:
@@ -19,7 +20,7 @@ steps:
      db-location: "${{ runner.temp }}/customDbLocation"
      languages: java
      tools: ${{ steps.prepare-test.outputs.tools-url }}
-    
+
  - name: Check that indirect tracing is disabled
    shell: bash
    run: |
@@ -1,5 +1,6 @@
 name: "Go: Custom queries"
 description: "Checks that Go works in conjunction with a config file specifying custom queries"
+collection: go
 operatingSystems:
  - ubuntu
 versions:
@@ -5,6 +5,7 @@ operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
 installGo: "true"
+collection: go
 steps:
  - uses: ./../action/init
    with:
@@ -5,6 +5,7 @@ operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
 installGo: "true"
+collection: go
 steps:
  - name: Remove `file` program
    run: |
@@ -5,6 +5,7 @@ operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
 installGo: "true"
+collection: go
 steps:
  - uses: ./../action/init
    with:
@@ -1,5 +1,6 @@
 name: "Go: tracing with autobuilder step"
 description: "Checks that Go tracing works when using an autobuilder step"
+collection: go
 operatingSystems: ["ubuntu", "macos"]
 env:
  DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
@@ -1,5 +1,6 @@
 name: "Go: tracing with custom build steps"
 description: "Checks that Go tracing traces the build when using custom build steps"
+collection: go
 operatingSystems: ["ubuntu", "macos"]
 installGo: "true"
 steps:
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Henry Mercer	e96e340c1e	Merge pull request #3043 from github/mergeback/v3.29.10-to-main-96f518a3 Mergeback v3.29.10 refs/heads/releases/v3 into main	2025-08-18 13:22:40 +01:00
github-actions[bot]	c4a96d2338	Update checked-in dependencies	2025-08-18 12:00:29 +00:00
github-actions[bot]	e90680ed26	Update changelog and version after v3.29.10	2025-08-18 11:46:17 +00:00
Henry Mercer	96f518a34f	Merge pull request #3042 from github/update-v3.29.10-6ec994ecb Merge main into releases/v3	2025-08-18 12:45:49 +01:00
github-actions[bot]	57a1c6b3e7	Update changelog for v3.29.10	2025-08-18 09:58:01 +00:00
Henry Mercer	6ec994ecba	Merge pull request #3039 from github/mbg/remove-cpp-bmn-check Remove unused C++ BMN FF	2025-08-18 10:53:36 +01:00
Michael B. Gale	3f00c7c1e1	Remove unused C++ BMN FF	2025-08-15 21:10:11 +01:00
Michael B. Gale	141ee4abd8	Remove C++ BMN FF check that is no longer used	2025-08-15 21:10:00 +01:00
Michael B. Gale	233052189b	Merge pull request #3037 from github/henrymercer/failed-upload-logs Bump log visibility for failed analysis upload	2025-08-15 18:47:21 +01:00
Henry Mercer	3966569d06	Merge pull request #3035 from github/henrymercer/fix-cleanup-info Only display `cleanup-info` log when relevant	2025-08-15 18:40:49 +01:00
Michael B. Gale	f7bd70c7fa	Merge branch 'main' into henrymercer/failed-upload-logs	2025-08-15 18:32:32 +01:00
Michael B. Gale	75151c2782	Merge branch 'main' into henrymercer/fix-cleanup-info	2025-08-15 18:28:16 +01:00
Michael B. Gale	4ff91f1080	Merge pull request #3036 from github/mbg/ci/gradle9 Add workflow generator option for installing Java	2025-08-15 18:25:11 +01:00
Michael B. Gale	1dafc5cf4c	Fix redundant `True` / `False`	2025-08-15 18:10:28 +01:00
Michael B. Gale	3119b35eed	Add template option for installing Java	2025-08-15 17:58:10 +01:00
Henry Mercer	5848d111cd	Bump log visibility for failed analysis upload Make it more obvious that the SARIF file for the unsuccessful execution was successfully uploaded.	2025-08-15 17:57:13 +01:00
Henry Mercer	537405376b	Only display `cleanup-info` log when relevant	2025-08-15 17:25:17 +01:00
Michael B. Gale	777f9173e8	Merge pull request #3030 from github/mbg/workflow-collections PR checks: support collections of workflows	2025-08-14 13:09:09 +01:00
Michael B. Gale	20c329c963	Sort template files to avoid ordering-issues	2025-08-14 12:08:22 +01:00
Michael B. Gale	bd79bc6b67	Automatically add `go-version` input if `installGo == true`	2025-08-14 11:52:35 +01:00
Michael B. Gale	9bd3c14196	Move up `workflowsInput` initialisation	2025-08-14 11:52:34 +01:00
Michael B. Gale	a592f71173	Allow inputs for `workflow_*` events, and propagate them through collections	2025-08-14 11:52:34 +01:00
Michael B. Gale	cf7a5d3e11	Add support for named collections of workflows	2025-08-14 11:52:34 +01:00
Michael B. Gale	092bf71d04	Add `workflow_call` triggers to PR checks	2025-08-14 11:52:34 +01:00
Chuan-kai Lin	7eb43b0788	Merge pull request #3031 from github/cklin/overlay-upload-limit Overlay: add database upload size limit	2025-08-13 07:26:50 -07:00
Chuan-kai Lin	eeeb083a28	Overlay: add database upload size limit	2025-08-12 14:16:46 -07:00
Michael B. Gale	eef4c44f6b	Merge pull request #3029 from github/mbg/copilot/release-process Add Copilot instructions for release PRs	2025-08-12 12:51:16 +01:00
Paolo Tranquilli	60aa58a9e6	Merge pull request #2960 from github/redsun82/rust Rust: remove shipped feature flag	2025-08-12 13:47:14 +02:00
Paolo Tranquilli	df1ceaccd4	Merge branch 'main' into redsun82/rust	2025-08-12 13:33:24 +02:00
Paolo Tranquilli	486a50d837	Capitalize `Rust` in log	2025-08-12 13:33:21 +02:00
Henry Mercer	9dfbcfd29f	Merge pull request #3025 from github/dependabot/github_actions/actions-b7431406fe Bump the actions group with 3 updates	2025-08-12 12:24:05 +01:00
Michael B. Gale	cd4167966c	Manually edit PR instructions - Conditions all must be true, not just any one of them - Make it clearer that no files should be reviewed, except for the two listed ones	2025-08-12 11:51:44 +01:00
Michael B. Gale	1813a6cc1c	Fix typo	2025-08-12 11:48:05 +01:00
Michael B. Gale	df1a86546b	Merge pull request #3027 from github/mergeback/v3.29.9-to-main-df559355 Mergeback v3.29.9 refs/heads/releases/v3 into main	2025-08-12 11:43:21 +01:00
github-actions[bot]	790022db4c	Update checked-in dependencies	2025-08-12 10:32:26 +00:00
Paolo Tranquilli	a9c4652773	Fix `EXPERIMENTAL_FEATURES` environment variable	2025-08-12 12:31:02 +02:00
github-actions[bot]	93f2eeca89	Update changelog and version after v3.29.9	2025-08-12 10:30:48 +00:00
Michael B. Gale	9065906448	Add Copilot instructions for release PRs	2025-08-12 11:29:13 +01:00
Paolo Tranquilli	aa456a5447	Merge branch 'main' into redsun82/rust	2025-08-12 12:16:56 +02:00
github-actions[bot]	a1feaf3820	Rebuild	2025-08-12 09:25:28 +00:00
Henry Mercer	136e8b7a95	Update sources of generated workflows	2025-08-12 10:21:02 +01:00
dependabot[bot]	b1bfc45906	Bump the actions group with 3 updates Bumps the actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `actions/download-artifact` from 4 to 5 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v5) Updates `actions/create-github-app-token` from 2.0.6 to 2.1.1 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/create-github-app-token dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2025-08-12 02:10:43 +00:00
Paolo Tranquilli	bfa52a844d	Address review	2025-08-11 14:38:12 +02:00
Paolo Tranquilli	68da2c5e55	Merge branch 'main' into redsun82/rust	2025-08-11 14:34:45 +02:00
Paolo Tranquilli	67812dd611	Rework rust code	2025-08-08 12:10:18 +02:00
Paolo Tranquilli	068f150cb7	Merge branch 'main' into redsun82/rust	2025-08-08 11:49:04 +02:00
Paolo Tranquilli	8d19b249dd	Transpile	2025-08-06 06:38:05 +02:00
Paolo Tranquilli	68025974a1	Update comments on rust support in init-action Clarify comments regarding rust support in codeql versions	2025-08-06 06:35:34 +02:00
Paolo Tranquilli	3e4d85617c	Fix typo	2025-08-06 06:33:08 +02:00
Paolo Tranquilli	a58e7d8cef	Simplify rust check	2025-08-04 17:38:29 +02:00
Paolo Tranquilli	662cec85ed	Merge branch 'main' into redsun82/rust	2025-08-04 17:24:20 +02:00
Paolo Tranquilli	34786468fa	Rust: remove shipped feature flag	2025-07-03 15:43:01 +02:00