Merge pull request #1757 from github/henrymercer/cli-deprecation-warning

Add a deprecation warning for CodeQL CLIs < 2.9.4

CHANGELOG.md

@@ -2,7 +2,9 @@
 
 ## [UNRELEASED]
 
-No user facing changes.
+- This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
+  - If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
+  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 
 ## 2.20.3 - 06 Jul 2023
 

lib/actions-util.js

@@ -31,7 +31,7 @@ const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 const api = __importStar(require("./api-client"));
-const sharedEnv = __importStar(require("./shared-environment"));
+const environment_1 = require("./environment");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
 // eslint-disable-next-line import/no-commonjs
@@ -290,25 +290,25 @@ exports.getActionVersion = getActionVersion;
 async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
     const commitOid = (0, exports.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
     const ref = await getRef();
-    const jobRunUUID = process.env[sharedEnv.JOB_RUN_UUID] || "";
+    const jobRunUUID = process.env[environment_1.EnvVar.JOB_RUN_UUID] || "";
     const workflowRunID = (0, workflow_1.getWorkflowRunID)();
     const workflowRunAttempt = (0, workflow_1.getWorkflowRunAttempt)();
     const workflowName = process.env["GITHUB_WORKFLOW"] || "";
     const jobName = process.env["GITHUB_JOB"] || "";
     const analysis_key = await getAnalysisKey();
-    let workflowStartedAt = process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT];
+    let workflowStartedAt = process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT];
     if (workflowStartedAt === undefined) {
         workflowStartedAt = actionStartedAt.toISOString();
-        core.exportVariable(sharedEnv.CODEQL_WORKFLOW_STARTED_AT, workflowStartedAt);
+        core.exportVariable(environment_1.EnvVar.WORKFLOW_STARTED_AT, workflowStartedAt);
     }
     const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
     const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
     const actionRef = process.env["GITHUB_ACTION_REF"];
-    const testingEnvironment = process.env[sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT] || "";
+    const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
     // re-export the testing environment variable so that it is available to subsequent steps,
     // even if it was only set for this step
     if (testingEnvironment !== "") {
-        core.exportVariable(sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT, testingEnvironment);
+        core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
     }
     const statusReport = {
         job_run_uuid: jobRunUUID,

lib/actions-util.test.js

@@ -31,7 +31,7 @@ const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsutil = __importStar(require("./actions-util"));
-const sharedEnv = __importStar(require("./shared-environment"));
+const environment_1 = require("./environment");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -170,7 +170,7 @@ const util_1 = require("./util");
 });
 (0, ava_1.default)("initializeEnvironment", (t) => {
     (0, util_1.initializeEnvironment)("1.2.3");
-    t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
+    t.deepEqual(process.env[environment_1.EnvVar.VERSION], "1.2.3");
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
     process.env["GITHUB_EVENT_NAME"] = "push";
@@ -235,8 +235,7 @@ const util_1 = require("./util");
         t.assert(statusReport.ref === process.env["GITHUB_REF"]);
         t.assert(statusReport.action_name === "init");
         t.assert(statusReport.action_oid === "unknown");
-        t.assert(statusReport.started_at ===
+        t.assert(statusReport.started_at === process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT]);
-            process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT]);
         t.assert(statusReport.action_started_at ===
             new Date("May 19, 2023 05:19:00").toISOString());
         t.assert(statusReport.status === "failure");

lib/analyze-action.js

@@ -38,11 +38,11 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
+const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
-const shared_environment_1 = require("./shared-environment");
 const trap_caching_1 = require("./trap-caching");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
@@ -114,7 +114,7 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
     if (!config.languages.includes(languages_1.Language.go)) {
         return;
     }
-    if (process.env[shared_environment_1.CODEQL_ACTION_DID_AUTOBUILD_GOLANG] === "true") {
+    if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] === "true") {
         logger.debug("Won't run Go autobuild since it has already been run.");
         return;
     }
@@ -202,7 +202,7 @@ async function run() {
         if (actionsUtil.getOptionalInput("expect-error") === "true") {
             core.setFailed(`expect-error input was set to true but no error was thrown.`);
         }
-        core.exportVariable(shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
+        core.exportVariable(environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
     }
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);

lib/autobuild-action.js

@@ -28,9 +28,9 @@ const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
 const configUtils = __importStar(require("./config-utils"));
+const environment_1 = require("./environment");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
-const shared_environment_1 = require("./shared-environment");
 const util_1 = require("./util");
 async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
@@ -69,7 +69,7 @@ async function run() {
                 currentLanguage = language;
                 await (0, autobuild_1.runAutobuild)(language, config, logger);
                 if (language === languages_1.Language.go) {
-                    core.exportVariable(shared_environment_1.CODEQL_ACTION_DID_AUTOBUILD_GOLANG, "true");
+                    core.exportVariable(environment_1.EnvVar.DID_AUTOBUILD_GOLANG, "true");
                 }
             }
         }

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,6DAA0E;AAC1E,iCAIgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,uDAAkC,EAAE,MAAM,CAAC,CAAC;iBACjE;aACF;SACF;KACF;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;KACxE;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,+CAAuC;AACvC,2CAAuC;AACvC,uCAA6C;AAC7C,iCAIgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;iBAC1D;aACF;SACF;KACF;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;KACxE;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/codeql.js

@@ -26,10 +26,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_NEW_ANALYSIS_SUMMARY = exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
 const config_utils_1 = require("./config-utils");
+const environment_1 = require("./environment");
 const error_matcher_1 = require("./error-matcher");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -61,6 +63,10 @@ let cachedCodeQL = undefined;
  * on versions newer than this.
  */
 const CODEQL_MINIMUM_VERSION = "2.8.5";
+/**
+ * This version will shortly become the oldest version of CodeQL that the Action will run with.
+ */
+const CODEQL_NEXT_MINIMUM_VERSION = "2.9.4";
 /**
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
@@ -634,6 +640,21 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         !(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
         throw new Error(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${await codeql.getVersion()}`);
     }
+    else if (checkVersion &&
+        process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
+        !(await util.codeQlVersionAbove(codeql, CODEQL_NEXT_MINIMUM_VERSION))) {
+        core.warning(`CodeQL CLI version ${await codeql.getVersion()} was deprecated on 2023-06-20 alongside ` +
+            "GitHub Enterprise Server 3.5 and will not be supported by the next release of the " +
+            `CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or ` +
+            "later. For instance, if you have specified a custom version of the CLI using the " +
+            "'tools' input to the 'init' Action, you can remove this input to use the default " +
+            "version.\n\n" +
+            "Alternatively, if you want to continue using CodeQL CLI version " +
+            `${await codeql.getVersion()}, you can replace 'github/codeql-action/*@v2' by ` +
+            "'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue " +
+            "using this version of the CodeQL Action.");
+        core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
+    }
     return codeql;
 }
 exports.getCodeQLForCmd = getCodeQLForCmd;

lib/environment.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnvVar = void 0;
+var EnvVar;
+(function (EnvVar) {
+    /** Set to true when the `analyze` Action completes successfully. */
+    EnvVar["ANALYZE_DID_COMPLETE_SUCCESSFULLY"] = "CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY";
+    /** Set to "true" when the CodeQL Action has invoked the Go autobuilder. */
+    EnvVar["DID_AUTOBUILD_GOLANG"] = "CODEQL_ACTION_DID_AUTOBUILD_GOLANG";
+    /**
+     * Used to disable the SARIF post-processing in the Action that removes duplicate locations from
+     * notifications in the `run[].invocations[].toolExecutionNotifications` SARIF property.
+     */
+    EnvVar["DISABLE_DUPLICATE_LOCATION_FIX"] = "CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX";
+    /**
+     * If set to the "true" string, then the CodeQL Action is using its
+     * own deprecated and non-standard way of scanning for multiple
+     * languages.
+     */
+    EnvVar["FEATURE_MULTI_LANGUAGE"] = "CODEQL_ACTION_FEATURE_MULTI_LANGUAGE";
+    /**
+     * If set to the "true" string, then the CodeQL Action is using its
+     * own sandwiched workflow mechanism.
+     */
+    EnvVar["FEATURE_SANDWICH"] = "CODEQL_ACTION_FEATURE_SANDWICH";
+    /**
+     * If set to a truthy value, then the CodeQL Action might combine SARIF
+     * output from several `interpret-results` runs for the same language.
+     */
+    EnvVar["FEATURE_SARIF_COMBINE"] = "CODEQL_ACTION_FEATURE_SARIF_COMBINE";
+    /**
+     * If set to the "true" string, then the CodeQL Action will upload SARIF,
+     * not the CLI.
+     */
+    EnvVar["FEATURE_WILL_UPLOAD"] = "CODEQL_ACTION_FEATURE_WILL_UPLOAD";
+    /** UUID representing the current job run. */
+    EnvVar["JOB_RUN_UUID"] = "JOB_RUN_UUID";
+    EnvVar["ODASA_TRACER_CONFIGURATION"] = "ODASA_TRACER_CONFIGURATION";
+    /** Whether to suppress the warning if the current CLI will soon be unsupported. */
+    EnvVar["SUPPRESS_DEPRECATED_SOON_WARNING"] = "CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING";
+    /** Used to disable uploading SARIF results or status reports to the GitHub API */
+    EnvVar["TEST_MODE"] = "CODEQL_ACTION_TEST_MODE";
+    EnvVar["TESTING_ENVIRONMENT"] = "CODEQL_ACTION_TESTING_ENVIRONMENT";
+    /** Semver of the CodeQL Action as specified in `package.json`. */
+    EnvVar["VERSION"] = "CODEQL_ACTION_VERSION";
+    /**
+     * The time at which the first action (normally init) started executing.
+     * If a workflow invokes a different action without first invoking the init
+     * action (i.e. the upload action is being used by a third-party integrator)
+     * then this variable will be assigned the start time of the action invoked
+     * rather that the init action.
+     */
+    EnvVar["WORKFLOW_STARTED_AT"] = "CODEQL_WORKFLOW_STARTED_AT";
+})(EnvVar = exports.EnvVar || (exports.EnvVar = {}));
+//# sourceMappingURL=environment.js.map

lib/environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA,IAAY,MA8DX;AA9DD,WAAY,MAAM;IAChB,oEAAoE;IACpE,+FAAqF,CAAA;IAErF,2EAA2E;IAC3E,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;;OAIG;IACH,yEAA+D,CAAA;IAE/D;;;OAGG;IACH,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D;;;OAGG;IACH,mEAAyD,CAAA;IAEzD,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,mEAAyD,CAAA;IAEzD,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,kFAAkF;IAClF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;AACpD,CAAC,EA9DW,MAAM,GAAN,cAAM,KAAN,cAAM,QA8DjB"}

lib/init-action-post-helper.js

@@ -28,8 +28,8 @@ const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
+const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
-const shared_environment_1 = require("./shared-environment");
 const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -79,7 +79,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
     return uploadResult?.statusReport ?? {};
 }
 async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
-    if (process.env[shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
+    if (process.env[environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
         try {
             return await maybeUploadFailedSarif(config, repositoryNwo, features, logger);
         }

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC7D;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,KAAK,GAAG,CACzC,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAtDD,kBAsDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA6D;AAG7D,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;KAC7D;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,iCAAiC,CAAC,KAAK,MAAM,EAAE;QACpE,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,KAAK,GAAG,CACzC,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAtDD,kBAsDC"}

lib/init-action.js

@@ -28,12 +28,12 @@ const core = __importStar(require("@actions/core"));
 const uuid_1 = require("uuid");
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
+const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const init_1 = require("./init");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
-const sharedEnv = __importStar(require("./shared-environment"));
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -116,7 +116,7 @@ async function run() {
     const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
     const registriesInput = (0, actions_util_1.getOptionalInput)("registries");
     const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
-    core.exportVariable(sharedEnv.JOB_RUN_UUID, (0, uuid_1.v4)());
+    core.exportVariable(environment_1.EnvVar.JOB_RUN_UUID, (0, uuid_1.v4)());
     try {
         const workflowErrors = await (0, workflow_1.validateWorkflow)(logger);
         if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {

lib/shared-environment.js

@@ -1,65 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.JOB_RUN_UUID = exports.ODASA_TRACER_CONFIGURATION = exports.CODEQL_WORKFLOW_STARTED_AT = exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = exports.CODEQL_ACTION_DID_AUTOBUILD_GOLANG = exports.EnvVar = void 0;
-/**
- * Environment variables to be set by codeql-action and used by the
- * CLI.
- */
-var EnvVar;
-(function (EnvVar) {
-    /**
-     * Semver of the codeql-action as specified in package.json.
-     */
-    EnvVar["VERSION"] = "CODEQL_ACTION_VERSION";
-    /**
-     * If set to a truthy value, then the codeql-action might combine SARIF
-     * output from several `interpret-results` runs for the same Language.
-     */
-    EnvVar["FEATURE_SARIF_COMBINE"] = "CODEQL_ACTION_FEATURE_SARIF_COMBINE";
-    /**
-     * If set to the "true" string, then the codeql-action will upload SARIF,
-     * not the cli.
-     */
-    EnvVar["FEATURE_WILL_UPLOAD"] = "CODEQL_ACTION_FEATURE_WILL_UPLOAD";
-    /**
-     * If set to the "true" string, then the codeql-action is using its
-     * own deprecated and non-standard way of scanning for multiple
-     * languages.
-     */
-    EnvVar["FEATURE_MULTI_LANGUAGE"] = "CODEQL_ACTION_FEATURE_MULTI_LANGUAGE";
-    /**
-     * If set to the "true" string, then the codeql-action is using its
-     * own sandwiched workflow mechanism
-     */
-    EnvVar["FEATURE_SANDWICH"] = "CODEQL_ACTION_FEATURE_SANDWICH";
-})(EnvVar = exports.EnvVar || (exports.EnvVar = {}));
-/**
- * Environment variable that is set to true when the CodeQL Action has invoked
- * the Go autobuilder.
- */
-exports.CODEQL_ACTION_DID_AUTOBUILD_GOLANG = "CODEQL_ACTION_DID_AUTOBUILD_GOLANG";
-/**
- * This environment variable is set to true when the `analyze` Action
- * completes successfully.
- */
-exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = "CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY";
-exports.CODEQL_ACTION_TESTING_ENVIRONMENT = "CODEQL_ACTION_TESTING_ENVIRONMENT";
-/** Used to disable uploading SARIF results or status reports to the GitHub API */
-exports.CODEQL_ACTION_TEST_MODE = "CODEQL_ACTION_TEST_MODE";
-/**
- * Used to disable the SARIF post-processing in the Action that removes duplicate locations from
- * notifications in the `run[].invocations[].toolExecutionNotifications` SARIF property.
- */
-exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = "CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX";
-/**
- * The time at which the first action (normally init) started executing.
- * If a workflow invokes a different action without first invoking the init
- * action (i.e. the upload action is being used by a third-party integrator)
- * then this variable will be assigned the start time of the action invoked
- * rather that the init action.
- */
-exports.CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
-exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
-/** UUID representing the current job run. */
-exports.JOB_RUN_UUID = "JOB_RUN_UUID";
-//# sourceMappingURL=shared-environment.js.map

lib/shared-environment.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,IAAY,MA8BX;AA9BD,WAAY,MAAM;IAChB;;OAEG;IACH,2CAAiC,CAAA;IAEjC;;;OAGG;IACH,uEAA6D,CAAA;IAE7D;;;OAGG;IACH,mEAAyD,CAAA;IAEzD;;;;OAIG;IACH,yEAA+D,CAAA;IAE/D;;;OAGG;IACH,6DAAmD,CAAA;AACrD,CAAC,EA9BW,MAAM,GAAN,cAAM,KAAN,cAAM,QA8BjB;AAED;;;GAGG;AACU,QAAA,kCAAkC,GAC7C,oCAAoC,CAAC;AAEvC;;;GAGG;AACU,QAAA,+CAA+C,GAC1D,iDAAiD,CAAC;AAEvC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;;GAGG;AACU,QAAA,4CAA4C,GACvD,8CAA8C,CAAC;AAEjD;;;;;;GAMG;AACU,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAEvE,6CAA6C;AAChC,QAAA,YAAY,GAAG,cAAc,CAAC"}

lib/upload-lib.js

@@ -36,9 +36,9 @@ const file_url_1 = __importDefault(require("file-url"));
 const jsonschema = __importStar(require("jsonschema"));
 const actionsUtil = __importStar(require("./actions-util"));
 const api = __importStar(require("./api-client"));
+const environment_1 = require("./environment");
 const fingerprints = __importStar(require("./fingerprints"));
 const repository_1 = require("./repository");
-const shared_environment_1 = require("./shared-environment");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 const workflow = __importStar(require("./workflow"));
@@ -213,7 +213,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
         workflow_run_attempt: workflowRunAttempt,
         checkout_uri: checkoutURI,
         environment,
-        started_at: process.env[shared_environment_1.CODEQL_WORKFLOW_STARTED_AT],
+        started_at: process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT],
         tool_names: toolNames,
         base_ref: undefined,
         base_sha: undefined,

lib/util.js

@@ -38,8 +38,8 @@ const semver = __importStar(require("semver"));
 const api_client_1 = require("./api-client");
 const apiCompatibility = __importStar(require("./api-compatibility.json"));
 const config_utils_1 = require("./config-utils");
+const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
-const shared_environment_1 = require("./shared-environment");
 /**
  * Specifies bundle versions that are known to be broken
  * and will not be used if found in the toolcache.
@@ -337,11 +337,11 @@ exports.assertNever = assertNever;
  * knowing what version of CodeQL we're running.
  */
 function initializeEnvironment(version) {
-    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE), "false");
+    core.exportVariable(String(environment_1.EnvVar.FEATURE_MULTI_LANGUAGE), "false");
-    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_SANDWICH), "false");
+    core.exportVariable(String(environment_1.EnvVar.FEATURE_SANDWICH), "false");
-    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_SARIF_COMBINE), "true");
+    core.exportVariable(String(environment_1.EnvVar.FEATURE_SARIF_COMBINE), "true");
-    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_WILL_UPLOAD), "true");
+    core.exportVariable(String(environment_1.EnvVar.FEATURE_WILL_UPLOAD), "true");
-    core.exportVariable(String(shared_environment_1.EnvVar.VERSION), version);
+    core.exportVariable(String(environment_1.EnvVar.VERSION), version);
 }
 exports.initializeEnvironment = initializeEnvironment;
 /**
@@ -506,7 +506,7 @@ exports.getMlPoweredJsQueriesStatus = getMlPoweredJsQueriesStatus;
  * In test mode, we don't upload SARIF results or status reports to the GitHub API.
  */
 function isInTestMode() {
-    return process.env[shared_environment_1.CODEQL_ACTION_TEST_MODE] === "true";
+    return process.env[environment_1.EnvVar.TEST_MODE] === "true";
 }
 exports.isInTestMode = isInTestMode;
 /**
@@ -733,9 +733,9 @@ exports.fixInvalidNotifications = fixInvalidNotifications;
  * For context, see documentation of:
  * `CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX`. */
 function fixInvalidNotificationsInFile(inputPath, outputPath, logger) {
-    if (process.env[shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
+    if (process.env[environment_1.EnvVar.DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
         logger.info("SARIF notification object duplicate location fix disabled by the " +
-            `${shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`);
+            `${environment_1.EnvVar.DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`);
         fs.renameSync(inputPath, outputPath);
     }
     else {

lib/workflow.js

@@ -33,6 +33,7 @@ const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
+const environment_1 = require("./environment");
 const util_1 = require("./util");
 function isObject(o) {
     return o !== null && typeof o === "object";
@@ -299,8 +300,7 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
  */
 function getAnalyzeActionName() {
     if ((0, util_1.isInTestMode)() ||
-        process.env["CODEQL_ACTION_TESTING_ENVIRONMENT"] ===
+        process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] === "codeql-action-pr-checks") {
-            "codeql-action-pr-checks") {
         return "./analyze";
     }
     else {

src/actions-util.test.ts

@@ -5,7 +5,7 @@ import test from "ava";
 import * as sinon from "sinon";
 
 import * as actionsutil from "./actions-util";
-import * as sharedEnv from "./shared-environment";
+import { EnvVar } from "./environment";
 import { setupActionsVars, setupTests } from "./testing-utils";
 import { initializeEnvironment, withTmpDir } from "./util";
 
@@ -211,7 +211,7 @@ test("computeAutomationID()", async (t) => {
 
 test("initializeEnvironment", (t) => {
   initializeEnvironment("1.2.3");
-  t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
+  t.deepEqual(process.env[EnvVar.VERSION], "1.2.3");
 });
 
 test("isAnalyzingDefaultBranch()", async (t) => {
@@ -303,8 +303,7 @@ test("createStatusReportBase", async (t) => {
     t.assert(statusReport.action_name === "init");
     t.assert(statusReport.action_oid === "unknown");
     t.assert(
-      statusReport.started_at ===
+      statusReport.started_at === process.env[EnvVar.WORKFLOW_STARTED_AT]
-        process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT]
     );
     t.assert(
       statusReport.action_started_at ===

src/actions-util.ts

@@ -9,7 +9,7 @@ import { JSONSchemaForNPMPackageJsonFiles } from "@schemastore/package";
 
 import * as api from "./api-client";
 import { Config } from "./config-utils";
-import * as sharedEnv from "./shared-environment";
+import { EnvVar } from "./environment";
 import {
   doesDirectoryExist,
   getCachedCodeQlVersion,
@@ -443,32 +443,25 @@ export async function createStatusReportBase(
 ): Promise<StatusReportBase> {
   const commitOid = getOptionalInput("sha") || process.env["GITHUB_SHA"] || "";
   const ref = await getRef();
-  const jobRunUUID = process.env[sharedEnv.JOB_RUN_UUID] || "";
+  const jobRunUUID = process.env[EnvVar.JOB_RUN_UUID] || "";
   const workflowRunID = getWorkflowRunID();
   const workflowRunAttempt = getWorkflowRunAttempt();
   const workflowName = process.env["GITHUB_WORKFLOW"] || "";
   const jobName = process.env["GITHUB_JOB"] || "";
   const analysis_key = await getAnalysisKey();
-  let workflowStartedAt = process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT];
+  let workflowStartedAt = process.env[EnvVar.WORKFLOW_STARTED_AT];
   if (workflowStartedAt === undefined) {
     workflowStartedAt = actionStartedAt.toISOString();
-    core.exportVariable(
+    core.exportVariable(EnvVar.WORKFLOW_STARTED_AT, workflowStartedAt);
-      sharedEnv.CODEQL_WORKFLOW_STARTED_AT,
-      workflowStartedAt
-    );
   }
   const runnerOs = getRequiredEnvParam("RUNNER_OS");
   const codeQlCliVersion = getCachedCodeQlVersion();
   const actionRef = process.env["GITHUB_ACTION_REF"];
-  const testingEnvironment =
+  const testingEnvironment = process.env[EnvVar.TESTING_ENVIRONMENT] || "";
-    process.env[sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT] || "";
   // re-export the testing environment variable so that it is available to subsequent steps,
   // even if it was only set for this step
   if (testingEnvironment !== "") {
-    core.exportVariable(
+    core.exportVariable(EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
-      sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT,
-      testingEnvironment
-    );
   }
 
   const statusReport: StatusReportBase = {

src/analyze-action.ts

@@ -19,14 +19,11 @@ import { runAutobuild } from "./autobuild";
 import { getCodeQL } from "./codeql";
 import { Config, getConfig } from "./config-utils";
 import { uploadDatabases } from "./database-upload";
+import { EnvVar } from "./environment";
 import { Features } from "./feature-flags";
 import { Language } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
-import {
-  CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY,
-  CODEQL_ACTION_DID_AUTOBUILD_GOLANG,
-} from "./shared-environment";
 import { getTotalCacheSize, uploadTrapCaches } from "./trap-caching";
 import * as uploadLib from "./upload-lib";
 import { UploadResult } from "./upload-lib";
@@ -144,7 +141,7 @@ async function runAutobuildIfLegacyGoWorkflow(config: Config, logger: Logger) {
   if (!config.languages.includes(Language.go)) {
     return;
   }
-  if (process.env[CODEQL_ACTION_DID_AUTOBUILD_GOLANG] === "true") {
+  if (process.env[EnvVar.DID_AUTOBUILD_GOLANG] === "true") {
     logger.debug("Won't run Go autobuild since it has already been run.");
     return;
   }
@@ -308,10 +305,7 @@ async function run() {
         `expect-error input was set to true but no error was thrown.`
       );
     }
-    core.exportVariable(
+    core.exportVariable(EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
-      CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY,
-      "true"
-    );
   } catch (unwrappedError) {
     const error = wrapError(unwrappedError);
     if (

src/autobuild-action.ts

@@ -12,9 +12,9 @@ import {
 import { getGitHubVersion } from "./api-client";
 import { determineAutobuildLanguages, runAutobuild } from "./autobuild";
 import * as configUtils from "./config-utils";
+import { EnvVar } from "./environment";
 import { Language } from "./languages";
 import { getActionsLogger } from "./logging";
-import { CODEQL_ACTION_DID_AUTOBUILD_GOLANG } from "./shared-environment";
 import {
   checkGitHubVersionInRange,
   initializeEnvironment,
@@ -89,7 +89,7 @@ async function run() {
         currentLanguage = language;
         await runAutobuild(language, config, logger);
         if (language === Language.go) {
-          core.exportVariable(CODEQL_ACTION_DID_AUTOBUILD_GOLANG, "true");
+          core.exportVariable(EnvVar.DID_AUTOBUILD_GOLANG, "true");
         }
       }
     }

src/codeql.ts

@@ -1,12 +1,14 @@
 import * as fs from "fs";
 import * as path from "path";
 
+import * as core from "@actions/core";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
 import * as yaml from "js-yaml";
 
 import { getOptionalInput } from "./actions-util";
 import * as api from "./api-client";
 import { Config, getGeneratedCodeScanningConfigPath } from "./config-utils";
+import { EnvVar } from "./environment";
 import { errorMatchers } from "./error-matcher";
 import {
   CodeQLDefaultVersionInfo,
@@ -270,6 +272,11 @@ let cachedCodeQL: CodeQL | undefined = undefined;
  */
 const CODEQL_MINIMUM_VERSION = "2.8.5";
 
+/**
+ * This version will shortly become the oldest version of CodeQL that the Action will run with.
+ */
+const CODEQL_NEXT_MINIMUM_VERSION = "2.9.4";
+
 /**
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
@@ -1037,6 +1044,24 @@ export async function getCodeQLForCmd(
     throw new Error(
       `Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${await codeql.getVersion()}`
     );
+  } else if (
+    checkVersion &&
+    process.env[EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
+    !(await util.codeQlVersionAbove(codeql, CODEQL_NEXT_MINIMUM_VERSION))
+  ) {
+    core.warning(
+      `CodeQL CLI version ${await codeql.getVersion()} was deprecated on 2023-06-20 alongside ` +
+        "GitHub Enterprise Server 3.5 and will not be supported by the next release of the " +
+        `CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or ` +
+        "later. For instance, if you have specified a custom version of the CLI using the " +
+        "'tools' input to the 'init' Action, you can remove this input to use the default " +
+        "version.\n\n" +
+        "Alternatively, if you want to continue using CodeQL CLI version " +
+        `${await codeql.getVersion()}, you can replace 'github/codeql-action/*@v2' by ` +
+        "'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue " +
+        "using this version of the CodeQL Action."
+    );
+    core.exportVariable(EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
   }
   return codeql;
 }

src/environment.ts

@@ -0,0 +1,63 @@
+export enum EnvVar {
+  /** Set to true when the `analyze` Action completes successfully. */
+  ANALYZE_DID_COMPLETE_SUCCESSFULLY = "CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY",
+
+  /** Set to "true" when the CodeQL Action has invoked the Go autobuilder. */
+  DID_AUTOBUILD_GOLANG = "CODEQL_ACTION_DID_AUTOBUILD_GOLANG",
+
+  /**
+   * Used to disable the SARIF post-processing in the Action that removes duplicate locations from
+   * notifications in the `run[].invocations[].toolExecutionNotifications` SARIF property.
+   */
+  DISABLE_DUPLICATE_LOCATION_FIX = "CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX",
+
+  /**
+   * If set to the "true" string, then the CodeQL Action is using its
+   * own deprecated and non-standard way of scanning for multiple
+   * languages.
+   */
+  FEATURE_MULTI_LANGUAGE = "CODEQL_ACTION_FEATURE_MULTI_LANGUAGE",
+
+  /**
+   * If set to the "true" string, then the CodeQL Action is using its
+   * own sandwiched workflow mechanism.
+   */
+  FEATURE_SANDWICH = "CODEQL_ACTION_FEATURE_SANDWICH",
+
+  /**
+   * If set to a truthy value, then the CodeQL Action might combine SARIF
+   * output from several `interpret-results` runs for the same language.
+   */
+  FEATURE_SARIF_COMBINE = "CODEQL_ACTION_FEATURE_SARIF_COMBINE",
+
+  /**
+   * If set to the "true" string, then the CodeQL Action will upload SARIF,
+   * not the CLI.
+   */
+  FEATURE_WILL_UPLOAD = "CODEQL_ACTION_FEATURE_WILL_UPLOAD",
+
+  /** UUID representing the current job run. */
+  JOB_RUN_UUID = "JOB_RUN_UUID",
+
+  ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION",
+
+  /** Whether to suppress the warning if the current CLI will soon be unsupported. */
+  SUPPRESS_DEPRECATED_SOON_WARNING = "CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING",
+
+  /** Used to disable uploading SARIF results or status reports to the GitHub API */
+  TEST_MODE = "CODEQL_ACTION_TEST_MODE",
+
+  TESTING_ENVIRONMENT = "CODEQL_ACTION_TESTING_ENVIRONMENT",
+
+  /** Semver of the CodeQL Action as specified in `package.json`. */
+  VERSION = "CODEQL_ACTION_VERSION",
+
+  /**
+   * The time at which the first action (normally init) started executing.
+   * If a workflow invokes a different action without first invoking the init
+   * action (i.e. the upload action is being used by a third-party integrator)
+   * then this variable will be assigned the start time of the action invoked
+   * rather that the init action.
+   */
+  WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT",
+}

src/init-action-post-helper.ts

@@ -3,10 +3,10 @@ import * as core from "@actions/core";
 import * as actionsUtil from "./actions-util";
 import { getCodeQL } from "./codeql";
 import { Config, getConfig } from "./config-utils";
+import { EnvVar } from "./environment";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { Logger } from "./logging";
 import { RepositoryNwo } from "./repository";
-import { CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY } from "./shared-environment";
 import * as uploadLib from "./upload-lib";
 import {
   getRequiredEnvParam,
@@ -114,7 +114,7 @@ export async function tryUploadSarifIfRunFailed(
   features: FeatureEnablement,
   logger: Logger
 ): Promise<UploadFailedSarifResult> {
-  if (process.env[CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
+  if (process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
     try {
       return await maybeUploadFailedSarif(
         config,

src/init-action.ts

@@ -16,6 +16,7 @@ import {
 import { getGitHubVersion } from "./api-client";
 import { CodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
+import { EnvVar } from "./environment";
 import { Feature, Features } from "./feature-flags";
 import {
   initCodeQL,
@@ -27,7 +28,6 @@ import {
 import { Language } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
-import * as sharedEnv from "./shared-environment";
 import { getTotalCacheSize } from "./trap-caching";
 import {
   checkForTimeout,
@@ -214,7 +214,7 @@ async function run() {
     logger
   );
 
-  core.exportVariable(sharedEnv.JOB_RUN_UUID, uuidV4());
+  core.exportVariable(EnvVar.JOB_RUN_UUID, uuidV4());
 
   try {
     const workflowErrors = await validateWorkflow(logger);

src/shared-environment.ts

@@ -1,76 +0,0 @@
-/**
- * Environment variables to be set by codeql-action and used by the
- * CLI.
- */
-export enum EnvVar {
-  /**
-   * Semver of the codeql-action as specified in package.json.
-   */
-  VERSION = "CODEQL_ACTION_VERSION",
-
-  /**
-   * If set to a truthy value, then the codeql-action might combine SARIF
-   * output from several `interpret-results` runs for the same Language.
-   */
-  FEATURE_SARIF_COMBINE = "CODEQL_ACTION_FEATURE_SARIF_COMBINE",
-
-  /**
-   * If set to the "true" string, then the codeql-action will upload SARIF,
-   * not the cli.
-   */
-  FEATURE_WILL_UPLOAD = "CODEQL_ACTION_FEATURE_WILL_UPLOAD",
-
-  /**
-   * If set to the "true" string, then the codeql-action is using its
-   * own deprecated and non-standard way of scanning for multiple
-   * languages.
-   */
-  FEATURE_MULTI_LANGUAGE = "CODEQL_ACTION_FEATURE_MULTI_LANGUAGE",
-
-  /**
-   * If set to the "true" string, then the codeql-action is using its
-   * own sandwiched workflow mechanism
-   */
-  FEATURE_SANDWICH = "CODEQL_ACTION_FEATURE_SANDWICH",
-}
-
-/**
- * Environment variable that is set to true when the CodeQL Action has invoked
- * the Go autobuilder.
- */
-export const CODEQL_ACTION_DID_AUTOBUILD_GOLANG =
-  "CODEQL_ACTION_DID_AUTOBUILD_GOLANG";
-
-/**
- * This environment variable is set to true when the `analyze` Action
- * completes successfully.
- */
-export const CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY =
-  "CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY";
-
-export const CODEQL_ACTION_TESTING_ENVIRONMENT =
-  "CODEQL_ACTION_TESTING_ENVIRONMENT";
-
-/** Used to disable uploading SARIF results or status reports to the GitHub API */
-export const CODEQL_ACTION_TEST_MODE = "CODEQL_ACTION_TEST_MODE";
-
-/**
- * Used to disable the SARIF post-processing in the Action that removes duplicate locations from
- * notifications in the `run[].invocations[].toolExecutionNotifications` SARIF property.
- */
-export const CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX =
-  "CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX";
-
-/**
- * The time at which the first action (normally init) started executing.
- * If a workflow invokes a different action without first invoking the init
- * action (i.e. the upload action is being used by a third-party integrator)
- * then this variable will be assigned the start time of the action invoked
- * rather that the init action.
- */
-export const CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
-
-export const ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
-
-/** UUID representing the current job run. */
-export const JOB_RUN_UUID = "JOB_RUN_UUID";

src/upload-lib.ts

@@ -10,10 +10,10 @@ import * as jsonschema from "jsonschema";
 
 import * as actionsUtil from "./actions-util";
 import * as api from "./api-client";
+import { EnvVar } from "./environment";
 import * as fingerprints from "./fingerprints";
 import { Logger } from "./logging";
 import { parseRepositoryNwo, RepositoryNwo } from "./repository";
-import { CODEQL_WORKFLOW_STARTED_AT } from "./shared-environment";
 import * as util from "./util";
 import { SarifFile, SarifResult, SarifRun, wrapError } from "./util";
 import * as workflow from "./workflow";
@@ -287,7 +287,7 @@ export function buildPayload(
     workflow_run_attempt: workflowRunAttempt,
     checkout_uri: checkoutURI,
     environment,
-    started_at: process.env[CODEQL_WORKFLOW_STARTED_AT],
+    started_at: process.env[EnvVar.WORKFLOW_STARTED_AT],
     tool_names: toolNames,
     base_ref: undefined as undefined | string,
     base_sha: undefined as undefined | string,

src/util.ts

@@ -16,14 +16,10 @@ import {
   parsePacksSpecification,
   prettyPrintPack,
 } from "./config-utils";
+import { EnvVar } from "./environment";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { Language } from "./languages";
 import { Logger } from "./logging";
-import {
-  CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX,
-  CODEQL_ACTION_TEST_MODE,
-  EnvVar,
-} from "./shared-environment";
 
 /**
  * Specifies bundle versions that are known to be broken
@@ -630,7 +626,7 @@ export function getMlPoweredJsQueriesStatus(config: Config): string {
  * In test mode, we don't upload SARIF results or status reports to the GitHub API.
  */
 export function isInTestMode(): boolean {
-  return process.env[CODEQL_ACTION_TEST_MODE] === "true";
+  return process.env[EnvVar.TEST_MODE] === "true";
 }
 
 /**
@@ -894,10 +890,10 @@ export function fixInvalidNotificationsInFile(
   outputPath: string,
   logger: Logger
 ): void {
-  if (process.env[CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
+  if (process.env[EnvVar.DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
     logger.info(
       "SARIF notification object duplicate location fix disabled by the " +
-        `${CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`
+        `${EnvVar.DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`
     );
     fs.renameSync(inputPath, outputPath);
   } else {

src/workflow.ts

@@ -6,6 +6,7 @@ import * as core from "@actions/core";
 import * as yaml from "js-yaml";
 
 import * as api from "./api-client";
+import { EnvVar } from "./environment";
 import { Logger } from "./logging";
 import { getRequiredEnvParam, isInTestMode } from "./util";
 
@@ -391,8 +392,7 @@ function getInputOrThrow(
 function getAnalyzeActionName() {
   if (
     isInTestMode() ||
-    process.env["CODEQL_ACTION_TESTING_ENVIRONMENT"] ===
+    process.env[EnvVar.TESTING_ENVIRONMENT] === "codeql-action-pr-checks"
-      "codeql-action-pr-checks"
   ) {
     return "./analyze";
   } else {