Merge pull request #2287 from github/update-v3.25.5-4a5197247

Merge main into releases/v3

.github/actions/release-initialise/action.yml

@@ -18,12 +18,12 @@ runs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: 3.8
+        python-version: 3.12
 
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install PyGithub==1.55 requests
+        pip install PyGithub==2.3.0 requests
       shell: bash
 
     - name: Update git config

.github/workflows/__all-platform-bundle.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   all-platform-bundle:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__analyze-ref-input.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   analyze-ref-input:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__autobuild-action.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   autobuild-action:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__autobuild-direct-tracing.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   autobuild-direct-tracing:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-autobuild.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-autobuild:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-manual.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-manual:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-none.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-none:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-rollback.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-rollback:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__config-export.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   config-export:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__config-input.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   config-input:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__cpp-deptrace-disabled.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   cpp-deptrace-disabled:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   cpp-deptrace-enabled-on-macos:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: macos-latest

.github/workflows/__cpp-deptrace-enabled.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   cpp-deptrace-enabled:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__diagnostics-export.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   diagnostics-export:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__export-file-baseline-information.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   export-file-baseline-information:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__extractor-ram-threads.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   extractor-ram-threads:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-custom-queries.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-custom-queries:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-indirect-tracing-workaround-diagnostic:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-indirect-tracing-workaround-no-file-program:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-indirect-tracing-workaround:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-tracing-autobuilder.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-tracing-autobuilder:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-tracing-custom-build-steps:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-tracing-legacy-workflow:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__init-with-registries.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   init-with-registries:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__javascript-source-root.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   javascript-source-root:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__language-aliases.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   language-aliases:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__multi-language-autodetect.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   multi-language-autodetect:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-codescanning-config-inputs-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-config-inputs-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-config-inputs-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-config-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-config-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-inputs-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-inputs-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__remote-config.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   remote-config:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__resolve-environment-action.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   resolve-environment-action:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__rubocop-multi-language.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   rubocop-multi-language:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__ruby.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   ruby:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__scaling-reserved-ram.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   scaling-reserved-ram:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__split-workflow.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   split-workflow:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__submit-sarif-failure.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   submit-sarif-failure:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__swift-custom-build.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   swift-custom-build:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__test-autobuild-working-dir.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   test-autobuild-working-dir:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__test-local-codeql.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   test-local-codeql:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__test-proxy.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   test-proxy:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__unset-environment.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   unset-environment:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__upload-ref-sha-input.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   upload-ref-sha-input:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__with-checkout-path.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   with-checkout-path:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/codeql.yml

@@ -73,6 +73,7 @@ jobs:
   build:
     needs: [check-codeql-versions]
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-11,macos-12,macos-13]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}

.github/workflows/codescanning-config-cli.yml

@@ -24,6 +24,7 @@ jobs:
     continue-on-error: true
 
     strategy:
+      fail-fast: false
       matrix:
         include:
         - os: ubuntu-latest

.github/workflows/debug-artifacts.yml

@@ -22,6 +22,7 @@ on:
 jobs:
   upload-artifacts:
     strategy:
+      fail-fast: false
       matrix:
         version:
         - stable-20230403

.github/workflows/pr-checks.yml

@@ -16,6 +16,7 @@ jobs:
     timeout-minutes: 45
 
     strategy:
+      fail-fast: false
       matrix:
         node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
 
@@ -89,6 +90,7 @@ jobs:
     name: Unit Test
     needs: [check-js, check-node-modules]
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}

.github/workflows/test-codeql-bundle-all.yml

@@ -22,6 +22,7 @@ on:
 jobs:
   test-codeql-bundle-all:
     strategy:
+      fail-fast: false
       matrix:
         include:
         - os: ubuntu-latest

CHANGELOG.md

@@ -4,6 +4,11 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 3.25.5 - 13 May 2024
+
+- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the [README.md](README.md). [#2273](https://github.com/github/codeql-action/pull/2273)
+- Avoid printing out a warning for a missing `on.push` trigger when the CodeQL Action is triggered via a `workflow_call` event. [#2274](https://github.com/github/codeql-action/pull/2274)
+
 ## 3.25.4 - 08 May 2024
 
 - Update default CodeQL bundle version to 2.17.2. [#2270](https://github.com/github/codeql-action/pull/2270)
@@ -30,7 +35,7 @@ No user facing changes.
 
   - The `setup-python-dependencies` input to the `init` Action
   - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable
-  
+
   We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
 - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
 - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)

CONTRIBUTING.md

@@ -3,6 +3,7 @@
 [fork]: https://github.com/github/codeql-action/fork
 [pr]: https://github.com/github/codeql-action/compare
 [code-of-conduct]: CODE_OF_CONDUCT.md
+[readme]: README.md#supported-versions-of-the-codeql-cli-and-github-enterprise-server
 
 Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
 
@@ -84,6 +85,7 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH
 1. Notify users using the old version of CodeQL about the deprecation.
     - Update `CODEQL_NEXT_MINIMUM_VERSION`, `GHES_VERSION_MOST_RECENTLY_DEPRECATED`, and `GHES_MOST_RECENT_DEPRECATION_DATE` in `src/codeql.ts` to reflect the new minimum version of CodeQL and the GHES version that has just been deprecated.
     - Add a changelog note announcing the deprecation.
+    - Update the CLI version referenced in the [readme] by adding a new row to the compatibility table.
     - Example PR: https://github.com/github/codeql-action/pull/1884
 1. Release the Action, or wait for the next scheduled release of the Action, then wait at least a week so users have time to see and act on the deprecation warning.
 1. Remove support for the old version of CodeQL.

README.md

@@ -33,6 +33,22 @@ To provide the best experience to customers using older versions of GitHub Enter
 
 For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."
 
+## Supported versions of the CodeQL CLI and GitHub Enterprise Server
+
+We typically release new minor versions of the CodeQL Action and CLI when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and CLI releases that shipped with it are deprecated as well.
+
+| Recommended CodeQL Action | Recommended CodeQL CLI Version | GitHub Environment |
+|---------|----------|--------------|
+| `v3` | default (do not pass a `tools` input) | GitHub.com |
+| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
+| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
+| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
+| `2.2.9` | `2.12.5` | Enterprise Server 3.9 |
+
+CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.
+
+See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
+
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).

lib/analyze.js

@@ -225,13 +225,10 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, f
     }
     await fs.promises.mkdir(outputDir, { recursive: true });
     const timings = await finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger);
-    // WARNING: This does not _really_ end tracing, as the tracer will restore its
+    // If we didn't already end tracing in the autobuild Action, end it now.
-    // critical environment variables and it'll still be active for all processes
+    if (process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") {
-    // launched from this build step.
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
-    // However, it will stop tracing for all steps past the codeql-action/analyze
+    }
-    // step.
-    // Delete variables as specified by the end-tracing script
-    await (0, tracer_config_1.endTracingForCluster)(codeql, config, features);
     return timings;
 }
 exports.runFinalize = runFinalize;

lib/autobuild-action.js

@@ -34,6 +34,7 @@ const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const status_report_1 = require("./status-report");
+const tracer_config_1 = require("./tracer-config");
 const util_1 = require("./util");
 async function sendCompletedStatusReport(config, logger, startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
@@ -81,6 +82,9 @@ async function run() {
                 await (0, autobuild_1.runAutobuild)(config, language, features, logger);
             }
         }
+        // End tracing early to avoid tracing analyze. This improves the performance and reliability of
+        // the analyze step.
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
     }
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/autobuild.js

@@ -141,11 +141,11 @@ async function runAutobuild(config, language, features, logger) {
         await setupCppAutobuild(codeQL, logger);
     }
     if (config.buildMode &&
-        (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracingEnabled, codeQL))) {
+        (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeQL))) {
         await codeQL.extractUsingBuildMode(config, language);
     }
     else {
-        await codeQL.runAutobuild(config, language, features);
+        await codeQL.runAutobuild(config, language);
     }
     if (language === languages_1.Language.go) {
         core.exportVariable(environment_1.EnvVar.DID_AUTOBUILD_GOLANG, "true");

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC,EACxE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAvBD,oCAuBC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,EACjE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAvBD,oCAuBC"}

lib/cli-errors.js

@@ -117,6 +117,7 @@ function ensureEndsInPeriod(text) {
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
     CliConfigErrorCategory["ExternalRepositoryCloneFailed"] = "ExternalRepositoryCloneFailed";
+    CliConfigErrorCategory["GracefulOutOfMemory"] = "GracefulOutOfMemory";
     CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
     CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
     CliConfigErrorCategory["InitCalledTwice"] = "InitCalledTwice";
@@ -127,6 +128,7 @@ var CliConfigErrorCategory;
     CliConfigErrorCategory["NoSourceCodeSeen"] = "NoSourceCodeSeen";
     CliConfigErrorCategory["NoSupportedBuildCommandSucceeded"] = "NoSupportedBuildCommandSucceeded";
     CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
+    CliConfigErrorCategory["PackCannotBeFound"] = "PackCannotBeFound";
     CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
     CliConfigErrorCategory["UnsupportedBuildMode"] = "UnsupportedBuildMode";
 })(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
@@ -140,6 +142,9 @@ exports.cliErrorsConfig = {
             new RegExp("Failed to clone external Git repository"),
         ],
     },
+    [CliConfigErrorCategory.GracefulOutOfMemory]: {
+        cliErrorMessageCandidates: [new RegExp("CodeQL is out of memory.")],
+    },
     [CliConfigErrorCategory.GradleBuildFailed]: {
         cliErrorMessageCandidates: [
             new RegExp("[autobuild] FAILURE: Build failed with an exception."),
@@ -195,6 +200,11 @@ exports.cliErrorsConfig = {
             new RegExp("No supported build system detected"),
         ],
     },
+    [CliConfigErrorCategory.PackCannotBeFound]: {
+        cliErrorMessageCandidates: [
+            new RegExp("Query pack .* cannot be found\\. Check the spelling of the pack\\."),
+        ],
+    },
     [CliConfigErrorCategory.SwiftBuildFailed]: {
         cliErrorMessageCandidates: [
             new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),

lib/codeql.js

@@ -297,19 +297,8 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 }),
             ], { stdin: externalRepositoryToken });
         },
-        async runAutobuild(config, language, features) {
+        async runAutobuild(config, language) {
             applyAutobuildAzurePipelinesTimeoutFix();
-            if (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracingEnabled, this)) {
-                await runTool(cmd, [
-                    "database",
-                    "trace-command",
-                    ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
-                    ...getExtractionVerbosityArguments(config.debugMode),
-                    ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                    util.getCodeQLDatabasePath(config, language),
-                ]);
-                return;
-            }
             const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
             // Bump the verbosity of the autobuild command if we're in debug mode
             if (config.debugMode) {

lib/codeql.test.js

@@ -572,7 +572,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java, (0, testing_utils_1.createFeatures)([])), {
+    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
         instanceOf: cli_errors_1.CommandInvocationError,
         message: "We were unable to automatically build your code. Please provide manual build steps. " +
             "For more information, see " +
@@ -591,7 +591,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java, (0, testing_utils_1.createFeatures)([])), {
+    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
         instanceOf: cli_errors_1.CommandInvocationError,
         message: "We were unable to automatically build your code. Please provide manual build steps. " +
             "For more information, see " +

lib/feature-flags.js

@@ -45,11 +45,11 @@ exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
 /**
  * Feature enablement as returned by the GitHub API endpoint.
  *
- * Each value of this enum should end with `_enabled`.
+ * Legacy features should end with `_enabled`.
  */
 var Feature;
 (function (Feature) {
-    Feature["AutobuildDirectTracingEnabled"] = "autobuild_direct_tracing_enabled";
+    Feature["AutobuildDirectTracing"] = "autobuild_direct_tracing";
     Feature["CombineSarifFilesDeprecationWarning"] = "combine_sarif_files_deprecation_warning_enabled";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["CppTrapCachingEnabled"] = "cpp_trap_caching_enabled";
@@ -59,47 +59,54 @@ var Feature;
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
-    [Feature.AutobuildDirectTracingEnabled]: {
+    [Feature.AutobuildDirectTracing]: {
+        defaultValue: false,
         envVar: "CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING",
         minimumVersion: undefined,
         toolsFeature: tools_features_1.ToolsFeature.TraceCommandUseBuildMode,
-        defaultValue: false,
     },
     [Feature.CombineSarifFilesDeprecationWarning]: {
+        defaultValue: false,
         envVar: "CODEQL_ACTION_COMBINE_SARIF_FILES_DEPRECATION_WARNING",
+        legacyApi: true,
         // Independent of the CLI version.
         minimumVersion: undefined,
-        defaultValue: false,
     },
     [Feature.CppDependencyInstallation]: {
-        envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
-        minimumVersion: "2.15.0",
         defaultValue: false,
+        envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
+        legacyApi: true,
+        minimumVersion: "2.15.0",
     },
     [Feature.CppTrapCachingEnabled]: {
-        envVar: "CODEQL_CPP_TRAP_CACHING",
-        minimumVersion: "2.16.1",
         defaultValue: false,
+        envVar: "CODEQL_CPP_TRAP_CACHING",
+        legacyApi: true,
+        minimumVersion: "2.16.1",
     },
     [Feature.DisableJavaBuildlessEnabled]: {
-        envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS",
-        minimumVersion: undefined,
         defaultValue: false,
+        envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
     [Feature.DisableKotlinAnalysisEnabled]: {
-        envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
-        minimumVersion: undefined,
         defaultValue: false,
+        envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
     [Feature.ExportDiagnosticsEnabled]: {
-        envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
-        minimumVersion: undefined,
         defaultValue: true,
+        envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
     [Feature.QaTelemetryEnabled]: {
-        envVar: "CODEQL_ACTION_QA_TELEMETRY",
-        minimumVersion: undefined,
         defaultValue: false,
+        envVar: "CODEQL_ACTION_QA_TELEMETRY",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
@@ -315,13 +322,20 @@ class GitHubFeatureFlags {
             return {};
         }
         try {
+            const featuresToRequest = Object.entries(exports.featureConfig)
+                .filter(([, config]) => !config.legacyApi)
+                .map(([f]) => f)
+                .join(",");
             const response = await (0, api_client_1.getApiClient)().request("GET /repos/:owner/:repo/code-scanning/codeql-action/features", {
                 owner: this.repositoryNwo.owner,
                 repo: this.repositoryNwo.repo,
+                features: featuresToRequest,
             });
             const remoteFlags = response.data;
-            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API: " +
+            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API:");
-                `${JSON.stringify(remoteFlags)}`);
+            for (const [feature, value] of Object.entries(remoteFlags).sort(([nameA], [nameB]) => nameA.localeCompare(nameB))) {
+                this.logger.debug(`  ${feature}: ${value}`);
+            }
             this.hasAccessedRemoteFeatureFlags = true;
             return remoteFlags;
         }

lib/feature-flags.test.js

@@ -331,9 +331,18 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
                 "Ignoring feature flag default_codeql_version_2_20_invalid_enabled as it does not specify a valid CodeQL version.") !== undefined);
     });
 });
-(0, ava_1.default)("feature flags should end with _enabled", async (t) => {
+(0, ava_1.default)("legacy feature flags should end with _enabled", async (t) => {
-    for (const feature of Object.values(feature_flags_1.Feature)) {
+    for (const [feature, config] of Object.entries(feature_flags_1.featureConfig)) {
-        t.assert(feature.endsWith("_enabled"), `${feature} should end with '_enabled'`);
+        if (config.legacyApi) {
+            t.assert(feature.endsWith("_enabled"), `legacy feature ${feature} should end with '_enabled'`);
+        }
+    }
+});
+(0, ava_1.default)("non-legacy feature flags should not end with _enabled", async (t) => {
+    for (const [feature, config] of Object.entries(feature_flags_1.featureConfig)) {
+        if (!config.legacyApi) {
+            t.false(feature.endsWith("_enabled"), `non-legacy feature ${feature} should not end with '_enabled'`);
+        }
     }
 });
 function assertAllFeaturesUndefinedInApi(t, loggedMessages) {

lib/tracer-config.js

@@ -33,13 +33,23 @@ const util_1 = require("./util");
 async function shouldEnableIndirectTracing(codeql, config, features) {
     return ((!config.buildMode ||
         config.buildMode === util_1.BuildMode.Manual ||
-        !(await features.getValue(feature_flags_1.Feature.AutobuildDirectTracingEnabled, codeql))) &&
+        !(await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeql))) &&
         config.languages.some((l) => (0, languages_1.isTracedLanguage)(l)));
 }
 exports.shouldEnableIndirectTracing = shouldEnableIndirectTracing;
-async function endTracingForCluster(codeql, config, features) {
+/**
+ * Delete variables as specified by the end-tracing script
+ *
+ * WARNING: This does not _really_ end tracing, as the tracer will restore its
+ * critical environment variables and it'll still be active for all processes
+ * launched from this build step.
+ *
+ * However, it will stop tracing for all steps past the current build step.
+ */
+async function endTracingForCluster(codeql, config, logger, features) {
     if (!(await shouldEnableIndirectTracing(codeql, config, features)))
         return;
+    logger.info("Unsetting build tracing environment variables. Subsequent steps of this job will not be traced.");
     const envVariablesFile = path.resolve(config.dbLocation, "temp/tracingEnvironment/end-tracing.json");
     if (!fs.existsSync(envVariablesFile)) {
         throw new Error(`Environment file for ending tracing not found: ${envVariablesFile}`);

lib/tracer-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAI7B,mDAA6D;AAC7D,2CAA+C;AAC/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,SAAS;QAChB,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM;QACrC,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CACvB,uBAAO,CAAC,6BAA6B,EACrC,MAAM,CACP,CAAC,CAAC;QACL,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAClD,CAAC;AACJ,CAAC;AAdD,kEAcC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO;IAE3E,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAhCD,oDAgCC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAfD,8DAeC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IAEnB,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA7BD,0DA6BC"}
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAI7B,mDAA6D;AAC7D,2CAA+C;AAE/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,SAAS;QAChB,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM;QACrC,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,CAAC;QACrE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAClD,CAAC;AACJ,CAAC;AAXD,kEAWC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO;IAE3E,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AArCD,oDAqCC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAfD,8DAeC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IAEnB,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA7BD,0DA6BC"}

lib/upload-lib.js

@@ -520,6 +520,8 @@ function shouldConsiderConfigurationError(processingErrors) {
  */
 function shouldConsiderInvalidRequest(processingErrors) {
     return processingErrors.every((error) => error.startsWith("rejecting SARIF") ||
+        error.startsWith("an invalid URI was provided as a SARIF location") ||
+        error.startsWith("locationFromSarifResult: expected artifact location") ||
         error.startsWith("could not convert rules: invalid security severity value, is not a number") ||
         /^SARIF URI scheme [^\s]* did not match the checkout URI scheme [^\s]*/.test(error));
 }

lib/workflow.js

@@ -35,9 +35,6 @@ const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
 const environment_1 = require("./environment");
 const util_1 = require("./util");
-function isObject(o) {
-    return o !== null && typeof o === "object";
-}
 const GLOB_PATTERN = new RegExp("(\\*\\*?)");
 function escapeRegExp(string) {
     return string.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string
@@ -144,35 +141,31 @@ async function getWorkflowErrors(doc, codeql) {
             }
         }
     }
-    let missingPush = false;
+    // If there is no push trigger, we will not be able to analyze the default branch.
-    if (doc.on === undefined) {
+    // So add a warning to the user to add a push trigger.
-        // this is not a valid config
+    // If there is a workflow_call trigger, we don't need a push trigger since we assume
-    }
+    // that the workflow_call trigger is called from a workflow that has a push trigger.
-    else if (typeof doc.on === "string") {
+    const hasPushTrigger = hasWorkflowTrigger("push", doc);
-        if (doc.on === "pull_request") {
+    const hasPullRequestTrigger = hasWorkflowTrigger("pull_request", doc);
-            missingPush = true;
+    const hasWorkflowCallTrigger = hasWorkflowTrigger("workflow_call", doc);
-        }
+    if (hasPullRequestTrigger && !hasPushTrigger && !hasWorkflowCallTrigger) {
-    }
-    else if (Array.isArray(doc.on)) {
-        const hasPush = doc.on.includes("push");
-        const hasPullRequest = doc.on.includes("pull_request");
-        if (hasPullRequest && !hasPush) {
-            missingPush = true;
-        }
-    }
-    else if (isObject(doc.on)) {
-        const hasPush = Object.prototype.hasOwnProperty.call(doc.on, "push");
-        const hasPullRequest = Object.prototype.hasOwnProperty.call(doc.on, "pull_request");
-        if (!hasPush && hasPullRequest) {
-            missingPush = true;
-        }
-    }
-    if (missingPush) {
         errors.push(exports.WorkflowErrors.MissingPushHook);
     }
     return errors;
 }
 exports.getWorkflowErrors = getWorkflowErrors;
+function hasWorkflowTrigger(triggerName, doc) {
+    if (!doc.on) {
+        return false;
+    }
+    if (typeof doc.on === "string") {
+        return doc.on === triggerName;
+    }
+    if (Array.isArray(doc.on)) {
+        return doc.on.includes(triggerName);
+    }
+    return Object.prototype.hasOwnProperty.call(doc.on, triggerName);
+}
 async function validateWorkflow(codeql, logger) {
     let workflow;
     try {

lib/workflow.test.js

@@ -373,6 +373,29 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
   on: ["push"]
   `), await (0, codeql_1.getCodeQLForTesting)()), []));
 });
+(0, ava_1.default)("getWorkflowErrors() should not report a warning if there is a workflow_call trigger", async (t) => {
+    const errors = await (0, workflow_1.getWorkflowErrors)(yaml.load(`
+    name: "CodeQL"
+    on:
+      workflow_call:
+    `), await (0, codeql_1.getCodeQLForTesting)());
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as a string", async (t) => {
+    const errors = await (0, workflow_1.getWorkflowErrors)(yaml.load(`
+    name: "CodeQL"
+    on: workflow_call
+    `), await (0, codeql_1.getCodeQLForTesting)());
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as an array", async (t) => {
+    const errors = await (0, workflow_1.getWorkflowErrors)(yaml.load(`
+    name: "CodeQL"
+    on:
+      - workflow_call
+    `), await (0, codeql_1.getCodeQLForTesting)());
+    t.deepEqual(...errorCodes(errors, []));
+});
 (0, ava_1.default)("getCategoryInputOrThrow returns category for simple workflow with category", (t) => {
     process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
     t.is((0, workflow_1.getCategoryInputOrThrow)(yaml.load(`

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.25.4",
+  "version": "3.25.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "3.25.4",
+  "version": "3.25.5",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "3.25.4",
+      "version": "3.25.5",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.2",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.25.4",
+  "version": "3.25.5",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

pr-checks/sync.py

@@ -117,6 +117,7 @@ for file in (this_dir / 'checks').glob('*.yml'):
 
     checkJob = {
         'strategy': {
+            'fail-fast': False,
             'matrix': {
                 'include': matrix
             }

src/analyze.ts

@@ -402,13 +402,10 @@ export async function runFinalize(
     logger,
   );
 
-  // WARNING: This does not _really_ end tracing, as the tracer will restore its
+  // If we didn't already end tracing in the autobuild Action, end it now.
-  // critical environment variables and it'll still be active for all processes
+  if (process.env[EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") {
-  // launched from this build step.
+    await endTracingForCluster(codeql, config, logger, features);
-  // However, it will stop tracing for all steps past the codeql-action/analyze
+  }
-  // step.
-  // Delete variables as specified by the end-tracing script
-  await endTracingForCluster(codeql, config, features);
   return timings;
 }
 

src/autobuild-action.ts

@@ -21,6 +21,7 @@ import {
   sendStatusReport,
   ActionName,
 } from "./status-report";
+import { endTracingForCluster } from "./tracer-config";
 import {
   checkActionVersion,
   checkDiskUsage,
@@ -125,6 +126,10 @@ async function run() {
         await runAutobuild(config, language, features, logger);
       }
     }
+
+    // End tracing early to avoid tracing analyze. This improves the performance and reliability of
+    // the analyze step.
+    await endTracingForCluster(codeql, config, logger, features);
   } catch (unwrappedError) {
     const error = wrapError(unwrappedError);
     core.setFailed(

src/autobuild.ts

@@ -169,11 +169,11 @@ export async function runAutobuild(
   }
   if (
     config.buildMode &&
-    (await features.getValue(Feature.AutobuildDirectTracingEnabled, codeQL))
+    (await features.getValue(Feature.AutobuildDirectTracing, codeQL))
   ) {
     await codeQL.extractUsingBuildMode(config, language);
   } else {
-    await codeQL.runAutobuild(config, language, features);
+    await codeQL.runAutobuild(config, language);
   }
   if (language === Language.go) {
     core.exportVariable(EnvVar.DID_AUTOBUILD_GOLANG, "true");

src/cli-errors.ts

@@ -122,6 +122,7 @@ function ensureEndsInPeriod(text: string): string {
 /** Error messages from the CLI that we consider configuration errors and handle specially. */
 export enum CliConfigErrorCategory {
   ExternalRepositoryCloneFailed = "ExternalRepositoryCloneFailed",
+  GracefulOutOfMemory = "GracefulOutOfMemory",
   GradleBuildFailed = "GradleBuildFailed",
   IncompatibleWithActionVersion = "IncompatibleWithActionVersion",
   InitCalledTwice = "InitCalledTwice",
@@ -132,6 +133,7 @@ export enum CliConfigErrorCategory {
   NoSourceCodeSeen = "NoSourceCodeSeen",
   NoSupportedBuildCommandSucceeded = "NoSupportedBuildCommandSucceeded",
   NoSupportedBuildSystemDetected = "NoSupportedBuildSystemDetected",
+  PackCannotBeFound = "PackCannotBeFound",
   SwiftBuildFailed = "SwiftBuildFailed",
   UnsupportedBuildMode = "UnsupportedBuildMode",
 }
@@ -156,6 +158,9 @@ export const cliErrorsConfig: Record<
       new RegExp("Failed to clone external Git repository"),
     ],
   },
+  [CliConfigErrorCategory.GracefulOutOfMemory]: {
+    cliErrorMessageCandidates: [new RegExp("CodeQL is out of memory.")],
+  },
   [CliConfigErrorCategory.GradleBuildFailed]: {
     cliErrorMessageCandidates: [
       new RegExp("[autobuild] FAILURE: Build failed with an exception."),
@@ -220,6 +225,13 @@ export const cliErrorsConfig: Record<
       new RegExp("No supported build system detected"),
     ],
   },
+  [CliConfigErrorCategory.PackCannotBeFound]: {
+    cliErrorMessageCandidates: [
+      new RegExp(
+        "Query pack .* cannot be found\\. Check the spelling of the pack\\.",
+      ),
+    ],
+  },
   [CliConfigErrorCategory.SwiftBuildFailed]: {
     cliErrorMessageCandidates: [
       new RegExp(

src/codeql.test.ts

@@ -910,12 +910,7 @@ test("runTool summarizes autobuilder errors", async (t) => {
   sinon.stub(safeWhich, "safeWhich").resolves("");
 
   await t.throwsAsync(
-    async () =>
+    async () => await codeqlObject.runAutobuild(stubConfig, Language.java),
-      await codeqlObject.runAutobuild(
-        stubConfig,
-        Language.java,
-        createFeatures([]),
-      ),
     {
       instanceOf: CommandInvocationError,
       message:
@@ -943,12 +938,7 @@ test("runTool truncates long autobuilder errors", async (t) => {
   sinon.stub(safeWhich, "safeWhich").resolves("");
 
   await t.throwsAsync(
-    async () =>
+    async () => await codeqlObject.runAutobuild(stubConfig, Language.java),
-      await codeqlObject.runAutobuild(
-        stubConfig,
-        Language.java,
-        createFeatures([]),
-      ),
     {
       instanceOf: CommandInvocationError,
       message:

src/codeql.ts

@@ -88,11 +88,7 @@ export interface CodeQL {
   /**
    * Runs the autobuilder for the given language.
    */
-  runAutobuild(
+  runAutobuild(config: Config, language: Language): Promise<void>;
-    config: Config,
-    language: Language,
-    features: FeatureEnablement,
-  ): Promise<void>;
   /**
    * Extract code for a scanned language using 'codeql database trace-command'
    * and running the language extractor.
@@ -634,27 +630,9 @@ export async function getCodeQLForCmd(
         { stdin: externalRepositoryToken },
       );
     },
-    async runAutobuild(
+    async runAutobuild(config: Config, language: Language) {
-      config: Config,
-      language: Language,
-      features: FeatureEnablement,
-    ) {
       applyAutobuildAzurePipelinesTimeoutFix();
 
-      if (
-        await features.getValue(Feature.AutobuildDirectTracingEnabled, this)
-      ) {
-        await runTool(cmd, [
-          "database",
-          "trace-command",
-          ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
-          ...getExtractionVerbosityArguments(config.debugMode),
-          ...getExtraOptionsFromEnv(["database", "trace-command"]),
-          util.getCodeQLDatabasePath(config, language),
-        ]);
-        return;
-      }
-
       const autobuildCmd = path.join(
         await this.resolveExtractor(language),
         "tools",

src/feature-flags.test.ts

@@ -516,12 +516,25 @@ test("ignores invalid version numbers in default version feature flags", async (
   });
 });
 
-test("feature flags should end with _enabled", async (t) => {
+test("legacy feature flags should end with _enabled", async (t) => {
-  for (const feature of Object.values(Feature)) {
+  for (const [feature, config] of Object.entries(featureConfig)) {
-    t.assert(
+    if (config.legacyApi) {
-      feature.endsWith("_enabled"),
+      t.assert(
-      `${feature} should end with '_enabled'`,
+        feature.endsWith("_enabled"),
-    );
+        `legacy feature ${feature} should end with '_enabled'`,
+      );
+    }
+  }
+});
+
+test("non-legacy feature flags should not end with _enabled", async (t) => {
+  for (const [feature, config] of Object.entries(featureConfig)) {
+    if (!config.legacyApi) {
+      t.false(
+        feature.endsWith("_enabled"),
+        `non-legacy feature ${feature} should not end with '_enabled'`,
+      );
+    }
   }
 });
 

src/feature-flags.ts

@@ -42,10 +42,10 @@ export interface FeatureEnablement {
 /**
  * Feature enablement as returned by the GitHub API endpoint.
  *
- * Each value of this enum should end with `_enabled`.
+ * Legacy features should end with `_enabled`.
  */
 export enum Feature {
-  AutobuildDirectTracingEnabled = "autobuild_direct_tracing_enabled",
+  AutobuildDirectTracing = "autobuild_direct_tracing",
   CombineSarifFilesDeprecationWarning = "combine_sarif_files_deprecation_warning_enabled",
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   CppTrapCachingEnabled = "cpp_trap_caching_enabled",
@@ -58,12 +58,24 @@ export enum Feature {
 export const featureConfig: Record<
   Feature,
   {
+    /**
+     * Default value in environments where the feature flags API is not available,
+     * such as GitHub Enterprise Server.
+     */
+    defaultValue: boolean;
     /**
      * Environment variable for explicitly enabling or disabling the feature.
      *
      * This overrides enablement status from the feature flags API.
      */
     envVar: string;
+    /**
+     * Whether the feature flag is part of the legacy feature flags API (defaults to false).
+     *
+     * These feature flags are included by default in the API response and do not need to be
+     * explicitly requested.
+     */
+    legacyApi?: boolean;
     /**
      * Minimum version of the CLI, if applicable.
      *
@@ -72,54 +84,56 @@ export const featureConfig: Record<
     minimumVersion: string | undefined;
     /** Required tools feature, if applicable. */
     toolsFeature?: ToolsFeature;
-    /**
-     * Default value in environments where the feature flags API is not available,
-     * such as GitHub Enterprise Server.
-     */
-    defaultValue: boolean;
   }
 > = {
-  [Feature.AutobuildDirectTracingEnabled]: {
+  [Feature.AutobuildDirectTracing]: {
+    defaultValue: false,
     envVar: "CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING",
     minimumVersion: undefined,
     toolsFeature: ToolsFeature.TraceCommandUseBuildMode,
-    defaultValue: false,
   },
   [Feature.CombineSarifFilesDeprecationWarning]: {
+    defaultValue: false,
     envVar: "CODEQL_ACTION_COMBINE_SARIF_FILES_DEPRECATION_WARNING",
+    legacyApi: true,
     // Independent of the CLI version.
     minimumVersion: undefined,
-    defaultValue: false,
   },
   [Feature.CppDependencyInstallation]: {
-    envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
-    minimumVersion: "2.15.0",
     defaultValue: false,
+    envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
+    legacyApi: true,
+    minimumVersion: "2.15.0",
   },
   [Feature.CppTrapCachingEnabled]: {
-    envVar: "CODEQL_CPP_TRAP_CACHING",
-    minimumVersion: "2.16.1",
     defaultValue: false,
+    envVar: "CODEQL_CPP_TRAP_CACHING",
+    legacyApi: true,
+    minimumVersion: "2.16.1",
   },
   [Feature.DisableJavaBuildlessEnabled]: {
-    envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS",
-    minimumVersion: undefined,
     defaultValue: false,
+    envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS",
+    legacyApi: true,
+    minimumVersion: undefined,
   },
   [Feature.DisableKotlinAnalysisEnabled]: {
-    envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
-    minimumVersion: undefined,
     defaultValue: false,
+    envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
+    legacyApi: true,
+    minimumVersion: undefined,
   },
   [Feature.ExportDiagnosticsEnabled]: {
-    envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
-    minimumVersion: undefined,
     defaultValue: true,
+    envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
+    legacyApi: true,
+    minimumVersion: undefined,
   },
   [Feature.QaTelemetryEnabled]: {
-    envVar: "CODEQL_ACTION_QA_TELEMETRY",
-    minimumVersion: undefined,
     defaultValue: false,
+    envVar: "CODEQL_ACTION_QA_TELEMETRY",
+    legacyApi: true,
+    minimumVersion: undefined,
   },
 };
 
@@ -450,18 +464,28 @@ class GitHubFeatureFlags {
       return {};
     }
     try {
+      const featuresToRequest = Object.entries(featureConfig)
+        .filter(([, config]) => !config.legacyApi)
+        .map(([f]) => f)
+        .join(",");
+
       const response = await getApiClient().request(
         "GET /repos/:owner/:repo/code-scanning/codeql-action/features",
         {
           owner: this.repositoryNwo.owner,
           repo: this.repositoryNwo.repo,
+          features: featuresToRequest,
         },
       );
-      const remoteFlags = response.data;
+      const remoteFlags = response.data as GitHubFeatureFlagsApiResponse;
       this.logger.debug(
-        "Loaded the following default values for the feature flags from the Code Scanning API: " +
+        "Loaded the following default values for the feature flags from the Code Scanning API:",
-          `${JSON.stringify(remoteFlags)}`,
       );
+      for (const [feature, value] of Object.entries(remoteFlags).sort(
+        ([nameA], [nameB]) => nameA.localeCompare(nameB),
+      )) {
+        this.logger.debug(`  ${feature}: ${value}`);
+      }
       this.hasAccessedRemoteFeatureFlags = true;
       return remoteFlags;
     } catch (e) {

src/tracer-config.ts

@@ -5,6 +5,7 @@ import { type CodeQL } from "./codeql";
 import { type Config } from "./config-utils";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { isTracedLanguage } from "./languages";
+import { Logger } from "./logging";
 import { ToolsFeature } from "./tools-features";
 import { BuildMode } from "./util";
 
@@ -20,21 +21,32 @@ export async function shouldEnableIndirectTracing(
   return (
     (!config.buildMode ||
       config.buildMode === BuildMode.Manual ||
-      !(await features.getValue(
+      !(await features.getValue(Feature.AutobuildDirectTracing, codeql))) &&
-        Feature.AutobuildDirectTracingEnabled,
-        codeql,
-      ))) &&
     config.languages.some((l) => isTracedLanguage(l))
   );
 }
 
+/**
+ * Delete variables as specified by the end-tracing script
+ *
+ * WARNING: This does not _really_ end tracing, as the tracer will restore its
+ * critical environment variables and it'll still be active for all processes
+ * launched from this build step.
+ *
+ * However, it will stop tracing for all steps past the current build step.
+ */
 export async function endTracingForCluster(
   codeql: CodeQL,
   config: Config,
+  logger: Logger,
   features: FeatureEnablement,
 ): Promise<void> {
   if (!(await shouldEnableIndirectTracing(codeql, config, features))) return;
 
+  logger.info(
+    "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced.",
+  );
+
   const envVariablesFile = path.resolve(
     config.dbLocation,
     "temp/tracingEnvironment/end-tracing.json",

src/upload-lib.ts

@@ -775,6 +775,8 @@ function shouldConsiderInvalidRequest(processingErrors: string[]): boolean {
   return processingErrors.every(
     (error) =>
       error.startsWith("rejecting SARIF") ||
+      error.startsWith("an invalid URI was provided as a SARIF location") ||
+      error.startsWith("locationFromSarifResult: expected artifact location") ||
       error.startsWith(
         "could not convert rules: invalid security severity value, is not a number",
       ) ||

src/workflow.test.ts

@@ -643,6 +643,44 @@ test("getWorkflowErrors() should not report an error if PRs are totally unconfig
   );
 });
 
+test("getWorkflowErrors() should not report a warning if there is a workflow_call trigger", async (t) => {
+  const errors = await getWorkflowErrors(
+    yaml.load(`
+    name: "CodeQL"
+    on:
+      workflow_call:
+    `) as Workflow,
+    await getCodeQLForTesting(),
+  );
+
+  t.deepEqual(...errorCodes(errors, []));
+});
+
+test("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as a string", async (t) => {
+  const errors = await getWorkflowErrors(
+    yaml.load(`
+    name: "CodeQL"
+    on: workflow_call
+    `) as Workflow,
+    await getCodeQLForTesting(),
+  );
+
+  t.deepEqual(...errorCodes(errors, []));
+});
+
+test("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as an array", async (t) => {
+  const errors = await getWorkflowErrors(
+    yaml.load(`
+    name: "CodeQL"
+    on:
+      - workflow_call
+    `) as Workflow,
+    await getCodeQLForTesting(),
+  );
+
+  t.deepEqual(...errorCodes(errors, []));
+});
+
 test("getCategoryInputOrThrow returns category for simple workflow with category", (t) => {
   process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
   t.is(

src/workflow.ts

@@ -47,10 +47,6 @@ export interface Workflow {
   on?: string | string[] | WorkflowTriggers;
 }
 
-function isObject(o: unknown): o is object {
-  return o !== null && typeof o === "object";
-}
-
 const GLOB_PATTERN = new RegExp("(\\*\\*?)");
 
 function escapeRegExp(string) {
@@ -193,39 +189,37 @@ export async function getWorkflowErrors(
     }
   }
 
-  let missingPush = false;
+  // If there is no push trigger, we will not be able to analyze the default branch.
+  // So add a warning to the user to add a push trigger.
+  // If there is a workflow_call trigger, we don't need a push trigger since we assume
+  // that the workflow_call trigger is called from a workflow that has a push trigger.
+  const hasPushTrigger = hasWorkflowTrigger("push", doc);
+  const hasPullRequestTrigger = hasWorkflowTrigger("pull_request", doc);
+  const hasWorkflowCallTrigger = hasWorkflowTrigger("workflow_call", doc);
 
-  if (doc.on === undefined) {
+  if (hasPullRequestTrigger && !hasPushTrigger && !hasWorkflowCallTrigger) {
-    // this is not a valid config
-  } else if (typeof doc.on === "string") {
-    if (doc.on === "pull_request") {
-      missingPush = true;
-    }
-  } else if (Array.isArray(doc.on)) {
-    const hasPush = doc.on.includes("push");
-    const hasPullRequest = doc.on.includes("pull_request");
-    if (hasPullRequest && !hasPush) {
-      missingPush = true;
-    }
-  } else if (isObject(doc.on)) {
-    const hasPush = Object.prototype.hasOwnProperty.call(doc.on, "push");
-    const hasPullRequest = Object.prototype.hasOwnProperty.call(
-      doc.on,
-      "pull_request",
-    );
-
-    if (!hasPush && hasPullRequest) {
-      missingPush = true;
-    }
-  }
-
-  if (missingPush) {
     errors.push(WorkflowErrors.MissingPushHook);
   }
 
   return errors;
 }
 
+function hasWorkflowTrigger(triggerName: string, doc: Workflow): boolean {
+  if (!doc.on) {
+    return false;
+  }
+
+  if (typeof doc.on === "string") {
+    return doc.on === triggerName;
+  }
+
+  if (Array.isArray(doc.on)) {
+    return doc.on.includes(triggerName);
+  }
+
+  return Object.prototype.hasOwnProperty.call(doc.on, triggerName);
+}
+
 export async function validateWorkflow(
   codeql: CodeQL,
   logger: Logger,