Merge pull request #2917 from github/mbg/use-cq-endpoint

Add new `quality-queries` input

.github/workflows/__quality-queries.yml

@@ -0,0 +1,100 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Quality queries input
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  quality-queries:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
+    name: Quality queries input
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          quality-queries: code-quality
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check config properties appear in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
+
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+            const configSummary = run.properties.codeqlConfigSummary;
+
+            if (configSummary === undefined) {
+              core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
+            }
+            if (configSummary.disableDefaultQueries !== false) {
+              core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+                `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
+            }
+            const expectedQueries = [{ type: 'builtinSuite', uses: 'code-quality' }];
+            // Use JSON.stringify to deep-equal the arrays.
+            if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
+              core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+                `${JSON.stringify(configSummary.queries)}.`);
+            }
+            core.info('Finished config export tests.');
+    env:
+      CODEQL_ACTION_TEST_MODE: true

init/action.yml

@@ -83,6 +83,9 @@ inputs:
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
+  quality-queries:
+    description: '[Internal] Comma-separated list of code quality queries to run.'
+    required: false
   packs:
     description: >-
       Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not

lib/codeql.js

@@ -759,12 +759,14 @@ async function generateCodeScanningConfig(config, logger) {
     // make a copy so we can modify it
     const augmentedConfig = (0, util_1.cloneObject)(config.originalUserInput);
     // Inject the queries from the input
-    if (config.augmentationProperties.queriesInput) {
+    if (config.augmentationProperties.queriesInput ||
+        config.augmentationProperties.qualityQueriesInput) {
+        const queryInputs = (config.augmentationProperties.queriesInput || []).concat(config.augmentationProperties.qualityQueriesInput || []);
         if (config.augmentationProperties.queriesInputCombines) {
-            augmentedConfig.queries = (augmentedConfig.queries || []).concat(config.augmentationProperties.queriesInput);
+            augmentedConfig.queries = (augmentedConfig.queries || []).concat(queryInputs);
         }
         else {
-            augmentedConfig.queries = config.augmentationProperties.queriesInput;
+            augmentedConfig.queries = queryInputs;
         }
     }
     if (augmentedConfig.queries?.length === 0) {

lib/config-utils.js

@@ -80,6 +80,7 @@ exports.defaultAugmentationProperties = {
     packsInputCombines: false,
     packsInput: undefined,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
     defaultQueryFilters: [],
 };
 function getPacksStrInvalid(packStr, configFile) {
@@ -226,10 +227,10 @@ async function getRawLanguages(languagesInput, repository, logger) {
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
+async function getDefaultConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, qualityQueriesInput, languages, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -261,7 +262,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
  * Load the config from the given file.
  */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
+async function loadConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
     let parsedYAML;
     if (isLocal(configFile)) {
         if (configFile !== userConfigFromActionPath(tempDir)) {
@@ -279,7 +280,7 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
     }
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, qualityQueriesInput, languages, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -320,11 +321,12 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
  *     not have exactly one language.
  */
 // exported for testing.
-async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, languages, logger) {
+async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, logger) {
     const packsInputCombines = shouldCombine(rawPacksInput);
     const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
     const queriesInputCombines = shouldCombine(rawQueriesInput);
     const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
+    const qualityQueriesInput = parseQueriesFromInput(rawQualityQueriesInput, false);
     const defaultQueryFilters = [];
     if (await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(codeql, features, logger)) {
         defaultQueryFilters.push({ exclude: { tags: "exclude-from-incremental" } });
@@ -334,6 +336,7 @@ async function calculateAugmentation(codeql, features, rawPacksInput, rawQueries
         packsInput: packsInput?.[languages[0]],
         queriesInput,
         queriesInputCombines,
+        qualityQueriesInput,
         defaultQueryFilters,
     };
 }

lib/config-utils.test.js

@@ -58,6 +58,7 @@ function createTestInitConfigInputs(overrides) {
     return Object.assign({}, {
         languagesInput: undefined,
         queriesInput: undefined,
+        qualityQueriesInput: undefined,
         packsInput: undefined,
         configFile: undefined,
         dbLocation: undefined,
@@ -623,58 +624,89 @@ const packSpecPrettyPrintingMacro = ava_1.default.macro({
 });
 const mockLogger = (0, logging_1.getRunnerLogger)(true);
 const calculateAugmentationMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedAugmentationProperties) => {
-        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger);
+        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, mockLogger);
         t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
     },
     title: (_, title) => `Calculate Augmentation: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, undefined, [languages_1.Language.javascript], {
     queriesInputCombines: false,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: undefined,
     defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", undefined, [languages_1.Language.javascript], {
     queriesInputCombines: false,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: undefined,
     defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", undefined, [languages_1.Language.javascript], {
     queriesInputCombines: true,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: undefined,
     defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With quality queries", undefined, undefined, " a, b , c, d", [languages_1.Language.javascript], {
     queriesInputCombines: false,
     queriesInput: undefined,
+    qualityQueriesInput: [
+        { uses: "a" },
+        { uses: "b" },
+        { uses: "c" },
+        { uses: "d" },
+    ],
+    packsInputCombines: false,
+    packsInput: undefined,
+    defaultQueryFilters: [],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With security and quality queries", undefined, " a, b , c, d", "e, f , g,h", [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+        { uses: "e" },
+        { uses: "f" },
+        { uses: "g" },
+        { uses: "h" },
+    ],
+    packsInputCombines: false,
+    packsInput: undefined,
+    defaultQueryFilters: [],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, undefined, [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: undefined,
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
     defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, undefined, [languages_1.Language.javascript], {
     queriesInputCombines: false,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
     packsInputCombines: true,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
     defaultQueryFilters: [],
 });
 const calculateAugmentationErrorMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedError) => {
-        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger), { message: expectedError });
+        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, mockLogger), { message: expectedError });
     },
     title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, undefined, [], /No languages specified/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
 (0, ava_1.default)("no generateRegistries when registries is undefined", async (t) => {
     return await (0, util_1.withTmpDir)(async (tmpDir) => {
         const registriesInput = undefined;

lib/init-action.js

@@ -192,6 +192,7 @@ async function run() {
         config = await (0, init_1.initConfig)({
             languagesInput: (0, actions_util_1.getOptionalInput)("languages"),
             queriesInput: (0, actions_util_1.getOptionalInput)("queries"),
+            qualityQueriesInput: (0, actions_util_1.getOptionalInput)("quality-queries"),
             packsInput: (0, actions_util_1.getOptionalInput)("packs"),
             buildModeInput: (0, actions_util_1.getOptionalInput)("build-mode"),
             configFile,

pr-checks/checks/quality-queries.yml

@@ -0,0 +1,45 @@
+name: "Quality queries input"
+description: "Tests that queries specified in the quality-queries input are used."
+versions: ["linked", "nightly-latest"]
+steps:
+  - uses: ./../action/init
+    with:
+      languages: javascript
+      quality-queries: code-quality
+      tools: ${{ steps.prepare-test.outputs.tools-url }}
+  - uses: ./../action/analyze
+    with:
+      output: "${{ runner.temp }}/results"
+      upload-database: false
+  - name: Upload SARIF
+    uses: actions/upload-artifact@v4
+    with:
+      name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+      path: "${{ runner.temp }}/results/javascript.sarif"
+      retention-days: 7
+  - name: Check config properties appear in SARIF
+    uses: actions/github-script@v7
+    env:
+      SARIF_PATH: "${{ runner.temp }}/results/javascript.sarif"
+    with:
+      script: |
+        const fs = require('fs');
+
+        const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+        const run = sarif.runs[0];
+        const configSummary = run.properties.codeqlConfigSummary;
+
+        if (configSummary === undefined) {
+          core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
+        }
+        if (configSummary.disableDefaultQueries !== false) {
+          core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+            `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
+        }
+        const expectedQueries = [{ type: 'builtinSuite', uses: 'code-quality' }];
+        // Use JSON.stringify to deep-equal the arrays.
+        if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
+          core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+            `${JSON.stringify(configSummary.queries)}.`);
+        }
+        core.info('Finished config export tests.');

src/codeql.ts

@@ -1219,13 +1219,20 @@ async function generateCodeScanningConfig(
   const augmentedConfig = cloneObject(config.originalUserInput);
 
   // Inject the queries from the input
-  if (config.augmentationProperties.queriesInput) {
+  if (
+    config.augmentationProperties.queriesInput ||
+    config.augmentationProperties.qualityQueriesInput
+  ) {
+    const queryInputs = (
+      config.augmentationProperties.queriesInput || []
+    ).concat(config.augmentationProperties.qualityQueriesInput || []);
+
     if (config.augmentationProperties.queriesInputCombines) {
       augmentedConfig.queries = (augmentedConfig.queries || []).concat(
-        config.augmentationProperties.queriesInput,
+        queryInputs,
       );
     } else {
-      augmentedConfig.queries = config.augmentationProperties.queriesInput;
+      augmentedConfig.queries = queryInputs;
     }
   }
   if (augmentedConfig.queries?.length === 0) {

src/config-utils.test.ts

@@ -47,6 +47,7 @@ function createTestInitConfigInputs(
     {
       languagesInput: undefined,
       queriesInput: undefined,
+      qualityQueriesInput: undefined,
       packsInput: undefined,
       configFile: undefined,
       dbLocation: undefined,
@@ -806,6 +807,7 @@ const calculateAugmentationMacro = test.macro({
     _title: string,
     rawPacksInput: string | undefined,
     rawQueriesInput: string | undefined,
+    rawQualityQueriesInput: string | undefined,
     languages: Language[],
     expectedAugmentationProperties: configUtils.AugmentationProperties,
   ) => {
@@ -815,6 +817,7 @@ const calculateAugmentationMacro = test.macro({
         createFeatures([]),
         rawPacksInput,
         rawQueriesInput,
+        rawQualityQueriesInput,
         languages,
         mockLogger,
       );
@@ -828,10 +831,12 @@ test(
   "All empty",
   undefined,
   undefined,
+  undefined,
   [Language.javascript],
   {
     queriesInputCombines: false,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: undefined,
     defaultQueryFilters: [],
@@ -843,10 +848,12 @@ test(
   "With queries",
   undefined,
   " a, b , c, d",
+  undefined,
   [Language.javascript],
   {
     queriesInputCombines: false,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: undefined,
     defaultQueryFilters: [],
@@ -858,10 +865,56 @@ test(
   "With queries combining",
   undefined,
   "   +   a, b , c, d ",
+  undefined,
   [Language.javascript],
   {
     queriesInputCombines: true,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: undefined,
+    packsInputCombines: false,
+    packsInput: undefined,
+    defaultQueryFilters: [],
+  } as configUtils.AugmentationProperties,
+);
+
+test(
+  calculateAugmentationMacro,
+  "With quality queries",
+  undefined,
+  undefined,
+  " a, b , c, d",
+  [Language.javascript],
+  {
+    queriesInputCombines: false,
+    queriesInput: undefined,
+    qualityQueriesInput: [
+      { uses: "a" },
+      { uses: "b" },
+      { uses: "c" },
+      { uses: "d" },
+    ],
+    packsInputCombines: false,
+    packsInput: undefined,
+    defaultQueryFilters: [],
+  } as configUtils.AugmentationProperties,
+);
+
+test(
+  calculateAugmentationMacro,
+  "With security and quality queries",
+  undefined,
+  " a, b , c, d",
+  "e, f , g,h",
+  [Language.javascript],
+  {
+    queriesInputCombines: false,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+      { uses: "e" },
+      { uses: "f" },
+      { uses: "g" },
+      { uses: "h" },
+    ],
     packsInputCombines: false,
     packsInput: undefined,
     defaultQueryFilters: [],
@@ -873,10 +926,12 @@ test(
   "With packs",
   "   codeql/a , codeql/b   , codeql/c  , codeql/d  ",
   undefined,
+  undefined,
   [Language.javascript],
   {
     queriesInputCombines: false,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
     packsInputCombines: false,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
     defaultQueryFilters: [],
@@ -888,10 +943,12 @@ test(
   "With packs combining",
   "   +   codeql/a, codeql/b, codeql/c, codeql/d",
   undefined,
+  undefined,
   [Language.javascript],
   {
     queriesInputCombines: false,
     queriesInput: undefined,
+    qualityQueriesInput: undefined,
     packsInputCombines: true,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
     defaultQueryFilters: [],
@@ -904,6 +961,7 @@ const calculateAugmentationErrorMacro = test.macro({
     _title: string,
     rawPacksInput: string | undefined,
     rawQueriesInput: string | undefined,
+    rawQualityQueriesInput: string | undefined,
     languages: Language[],
     expectedError: RegExp | string,
   ) => {
@@ -914,6 +972,7 @@ const calculateAugmentationErrorMacro = test.macro({
           createFeatures([]),
           rawPacksInput,
           rawQueriesInput,
+          rawQualityQueriesInput,
           languages,
           mockLogger,
         ),
@@ -928,6 +987,7 @@ test(
   "Plus (+) with nothing else (queries)",
   undefined,
   "   +   ",
+  undefined,
   [Language.javascript],
   /The workflow property "queries" is invalid/,
 );
@@ -937,6 +997,7 @@ test(
   "Plus (+) with nothing else (packs)",
   "   +   ",
   undefined,
+  undefined,
   [Language.javascript],
   /The workflow property "packs" is invalid/,
 );
@@ -946,6 +1007,7 @@ test(
   "Packs input with multiple languages",
   "   +  a/b, c/d ",
   undefined,
+  undefined,
   [Language.javascript, Language.java],
   /Cannot specify a 'packs' input in a multi-language analysis/,
 );
@@ -955,6 +1017,7 @@ test(
   "Packs input with no languages",
   "   +  a/b, c/d ",
   undefined,
+  undefined,
   [],
   /No languages specified/,
 );
@@ -964,6 +1027,7 @@ test(
   "Invalid packs",
   " a-pack-without-a-scope ",
   undefined,
+  undefined,
   [Language.javascript],
   /"a-pack-without-a-scope" is not a valid pack/,
 );

src/config-utils.ts

@@ -170,6 +170,11 @@ export interface AugmentationProperties {
    */
   queriesInput?: Array<{ uses: string }>;
 
+  /**
+   * The quality queries input from the `with` block of the action declaration.
+   */
+  qualityQueriesInput?: Array<{ uses: string }>;
+
   /**
    * Whether or not the packs input combines with the packs in the config.
    */
@@ -195,6 +200,7 @@ export const defaultAugmentationProperties: AugmentationProperties = {
   packsInputCombines: false,
   packsInput: undefined,
   queriesInput: undefined,
+  qualityQueriesInput: undefined,
   defaultQueryFilters: [],
 };
 export type Packs = Partial<Record<Language, string[]>>;
@@ -405,6 +411,7 @@ export async function getRawLanguages(
 export interface InitConfigInputs {
   languagesInput: string | undefined;
   queriesInput: string | undefined;
+  qualityQueriesInput: string | undefined;
   packsInput: string | undefined;
   configFile: string | undefined;
   dbLocation: string | undefined;
@@ -440,6 +447,7 @@ type LoadConfigInputs = Omit<InitConfigInputs, "configInput"> & {
 export async function getDefaultConfig({
   languagesInput,
   queriesInput,
+  qualityQueriesInput,
   packsInput,
   buildModeInput,
   dbLocation,
@@ -474,6 +482,7 @@ export async function getDefaultConfig({
     features,
     packsInput,
     queriesInput,
+    qualityQueriesInput,
     languages,
     logger,
   );
@@ -528,6 +537,7 @@ async function downloadCacheWithTime(
 async function loadConfig({
   languagesInput,
   queriesInput,
+  qualityQueriesInput,
   packsInput,
   buildModeInput,
   configFile,
@@ -583,6 +593,7 @@ async function loadConfig({
     features,
     packsInput,
     queriesInput,
+    qualityQueriesInput,
     languages,
     logger,
   );
@@ -639,6 +650,7 @@ export async function calculateAugmentation(
   features: FeatureEnablement,
   rawPacksInput: string | undefined,
   rawQueriesInput: string | undefined,
+  rawQualityQueriesInput: string | undefined,
   languages: Language[],
   logger: Logger,
 ): Promise<AugmentationProperties> {
@@ -654,6 +666,11 @@ export async function calculateAugmentation(
     queriesInputCombines,
   );
 
+  const qualityQueriesInput = parseQueriesFromInput(
+    rawQualityQueriesInput,
+    false,
+  );
+
   const defaultQueryFilters: QueryFilter[] = [];
   if (await shouldPerformDiffInformedAnalysis(codeql, features, logger)) {
     defaultQueryFilters.push({ exclude: { tags: "exclude-from-incremental" } });
@@ -664,6 +681,7 @@ export async function calculateAugmentation(
     packsInput: packsInput?.[languages[0]],
     queriesInput,
     queriesInputCombines,
+    qualityQueriesInput,
     defaultQueryFilters,
   };
 }

src/init-action.ts

@@ -342,6 +342,7 @@ async function run() {
     config = await initConfig({
       languagesInput: getOptionalInput("languages"),
       queriesInput: getOptionalInput("queries"),
+      qualityQueriesInput: getOptionalInput("quality-queries"),
       packsInput: getOptionalInput("packs"),
       buildModeInput: getOptionalInput("build-mode"),
       configFile,