From d122da3c9fbc0d874b28239bedb62a1592abd2cf Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 May 2026 18:32:59 +0100 Subject: [PATCH 1/6] Bump minimum CodeQL CLI version to 2.19.4 --- CHANGELOG.md | 1 + README.md | 2 -- lib/analyze-action-post.js | 4 ++-- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/resolve-environment-action.js | 4 ++-- lib/setup-codeql-action.js | 4 ++-- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 4 ++-- package-lock.json | 4 ++-- package.json | 2 +- src/codeql.ts | 2 +- 17 files changed, 26 insertions(+), 27 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d016b4fedb..a82ecdbfdb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] - Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://github.com/github/codeql-action/pull/3880) +- _Breaking change_: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://github.com/github/codeql-action/pull/3894) ## 4.35.4 - 07 May 2026 diff --git a/README.md b/README.md index bee9072a07..530c028f97 100644 --- a/README.md +++ b/README.md @@ -78,8 +78,6 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n | `v3.28.21` | `2.21.3` | Enterprise Server 3.18 | | | `v3.28.12` | `2.20.7` | Enterprise Server 3.17 | | | `v3.28.6` | `2.20.3` | Enterprise Server 3.16 | | -| `v3.28.6` | `2.20.3` | Enterprise Server 3.15 | | -| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | | See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server). diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 379439ac9c..2e876c86c4 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -126877,7 +126877,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -128089,7 +128089,7 @@ async function shouldEnableIndirectTracing(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 446472b87c..c496c4acac 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88803,7 +88803,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -92210,7 +92210,7 @@ async function endTracingForCluster(codeql, config, logger) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index e03e79d14e..62f1100d6f 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -85608,7 +85608,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -87263,7 +87263,7 @@ async function endTracingForCluster(codeql, config, logger) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 8e12e0ec6e..71f6e4772b 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -129987,7 +129987,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -133148,7 +133148,7 @@ async function shouldEnableIndirectTracing(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/init-action.js b/lib/init-action.js index 7b21c181cd..f24f6c2f22 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86162,7 +86162,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -91128,7 +91128,7 @@ async function getCombinedTracerConfig(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 5e318a9d89..83a9208437 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -85616,7 +85616,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -86895,7 +86895,7 @@ async function shouldEnableIndirectTracing(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index d3a585c78c..74be78daf7 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -85709,7 +85709,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -88602,7 +88602,7 @@ async function shouldEnableIndirectTracing(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 5e67aaa280..489590c29a 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -126824,7 +126824,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index ee67ed723e..e53cbd41f8 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -102813,7 +102813,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index b649b56721..16d1d4e480 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -88509,7 +88509,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -91209,7 +91209,7 @@ async function shouldEnableIndirectTracing(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index dfafe65015..cfb7d1e319 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -126824,7 +126824,7 @@ function getTemporaryDirectory() { return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP"); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } var persistedInputsKey = "persisted_inputs"; var restoreInputs = function() { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 522ab1abad..4e2f843bb0 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88537,7 +88537,7 @@ function getDiffRangesJsonFilePath() { return path2.join(getTemporaryDirectory(), PR_DIFF_RANGE_JSON_FILENAME); } function getActionVersion() { - return "4.35.5"; + return "4.36.0"; } function getWorkflowEventName() { return getRequiredEnvParam("GITHUB_EVENT_NAME"); @@ -91880,7 +91880,7 @@ async function shouldEnableIndirectTracing(codeql, config) { // src/codeql.ts var cachedCodeQL = void 0; -var CODEQL_MINIMUM_VERSION = "2.17.6"; +var CODEQL_MINIMUM_VERSION = "2.19.4"; var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; diff --git a/package-lock.json b/package-lock.json index 638458e325..38d023c62a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.35.5", + "version": "4.36.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.35.5", + "version": "4.36.0", "license": "MIT", "workspaces": [ "pr-checks" diff --git a/package.json b/package.json index e40fedf976..b281b88b48 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.35.5", + "version": "4.36.0", "private": true, "description": "CodeQL action", "scripts": { diff --git a/src/codeql.ts b/src/codeql.ts index 66ed8cebe1..38383c35bb 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -277,7 +277,7 @@ let cachedCodeQL: CodeQL | undefined = undefined; * The version flags below can be used to conditionally enable certain features * on versions newer than this. */ -const CODEQL_MINIMUM_VERSION = "2.17.6"; +const CODEQL_MINIMUM_VERSION = "2.19.4"; /** * This version will shortly become the oldest version of CodeQL that the Action will run with. From 97fb30df6b52b2496f70c126f190f464b23075ca Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 May 2026 18:57:56 +0100 Subject: [PATCH 2/6] Remove `ForceOverwrite` tools feature This feature has been supported since CodeQL CLI v2.18.0, which is below the new minimum version. --- lib/analyze-action-post.js | 15 +++++++++------ lib/analyze-action.js | 15 +++++++++------ lib/autobuild-action.js | 15 +++++++++------ lib/init-action-post.js | 15 +++++++++------ lib/init-action.js | 15 +++++++++------ lib/resolve-environment-action.js | 15 +++++++++------ lib/setup-codeql-action.js | 15 +++++++++------ lib/upload-lib.js | 15 +++++++++------ lib/upload-sarif-action.js | 15 +++++++++------ src/codeql.test.ts | 8 ++++---- src/codeql.ts | 18 +++++++++--------- src/tools-features.test.ts | 10 +++++++--- src/tools-features.ts | 1 - 13 files changed, 101 insertions(+), 71 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 2e876c86c4..914dab2386 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -128166,10 +128166,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -128190,7 +128186,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -128201,7 +128197,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c496c4acac..86bafba5f9 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -92337,10 +92337,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -92361,7 +92357,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -92372,7 +92368,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 62f1100d6f..970840e3af 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -87340,10 +87340,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -87364,7 +87360,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -87375,7 +87371,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 71f6e4772b..68eec46132 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -133275,10 +133275,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -133299,7 +133295,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -133310,7 +133306,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/init-action.js b/lib/init-action.js index f24f6c2f22..a506447d95 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -91249,10 +91249,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -91273,7 +91269,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -91284,7 +91280,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 83a9208437..3ea89969c2 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -86972,10 +86972,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -86996,7 +86992,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -87007,7 +87003,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 74be78daf7..addfda6658 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -88723,10 +88723,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -88747,7 +88743,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -88758,7 +88754,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 16d1d4e480..cccd12f296 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -91336,10 +91336,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -91360,7 +91356,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -91371,7 +91367,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 4e2f843bb0..e03fd069f4 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -92007,10 +92007,6 @@ async function getCodeQLForCmd(cmd, checkVersion) { if (qlconfigFile !== void 0) { extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - "forceOverwrite" /* ForceOverwrite */ - ) ? "--force-overwrite" : "--overwrite"; const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( @@ -92031,7 +92027,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { [ "database", "init", - ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : [overwriteFlag], + ...overlayDatabaseMode === "overlay" /* Overlay */ ? [] : ["--force-overwrite"], "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -92042,7 +92038,14 @@ async function getCodeQLForCmd(cmd, checkVersion) { // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions] + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions + ] }) ], { stdin: externalRepositoryToken } diff --git a/src/codeql.test.ts b/src/codeql.test.ts index 77fce4d3b7..dea4cf04af 100644 --- a/src/codeql.test.ts +++ b/src/codeql.test.ts @@ -1072,7 +1072,7 @@ test.serial( ); test.serial( - "Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", + "Avoids duplicating --force-overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", async (t) => { const runnerConstructorStub = stubToolRunnerConstructor(); const codeqlObject = await stubCodeql(); @@ -1080,7 +1080,7 @@ test.serial( sinon.stub(io, "which").resolves(""); process.env["CODEQL_ACTION_EXTRA_OPTIONS"] = - '{ "database": { "init": ["--overwrite"] } }'; + '{ "database": { "init": ["--force-overwrite"] } }'; await codeqlObject.databaseInitCluster( stubConfig, @@ -1093,9 +1093,9 @@ test.serial( t.true(runnerConstructorStub.calledOnce); const args = runnerConstructorStub.firstCall.args[1] as string[]; t.is( - args.filter((option: string) => option === "--overwrite").length, + args.filter((option: string) => option === "--force-overwrite").length, 1, - "--overwrite should only be passed once", + "--force-overwrite should only be passed once", ); // Clean up diff --git a/src/codeql.ts b/src/codeql.ts index 38383c35bb..72fea765c2 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -592,13 +592,6 @@ async function getCodeQLForCmd( extraArgs.push(`--qlconfig-file=${qlconfigFile}`); } - const overwriteFlag = isSupportedToolsFeature( - await this.getVersion(), - ToolsFeature.ForceOverwrite, - ) - ? "--force-overwrite" - : "--overwrite"; - const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === OverlayDatabaseMode.Overlay) { const overlayChangesFile = await writeOverlayChangesFile( @@ -625,7 +618,7 @@ async function getCodeQLForCmd( "init", ...(overlayDatabaseMode === OverlayDatabaseMode.Overlay ? [] - : [overwriteFlag]), + : ["--force-overwrite"]), "--db-cluster", config.dbLocation, `--source-root=${sourceRoot}`, @@ -636,7 +629,14 @@ async function getCodeQLForCmd( // Some user configs specify `--no-calculate-baseline` as an additional // argument to `codeql database init`. Therefore ignore the baseline file // options here to avoid specifying the same argument twice and erroring. - ignoringOptions: ["--overwrite", ...baselineFilesOptions], + // + // Ignore `--overwrite` to avoid passing both `--force-overwrite` and `--overwrite` if + // the user has configured `--overwrite`. + ignoringOptions: [ + "--force-overwrite", + "--overwrite", + ...baselineFilesOptions, + ], }), ], { stdin: externalRepositoryToken }, diff --git a/src/tools-features.test.ts b/src/tools-features.test.ts index 2192ea7a49..825b9c1eb3 100644 --- a/src/tools-features.test.ts +++ b/src/tools-features.test.ts @@ -6,9 +6,13 @@ import { ToolsFeature, isSupportedToolsFeature } from "./tools-features"; test("isSupportedToolsFeature", async (t) => { const versionInfo = makeVersionInfo("1.0.0"); - t.false(isSupportedToolsFeature(versionInfo, ToolsFeature.ForceOverwrite)); + t.false( + isSupportedToolsFeature(versionInfo, ToolsFeature.BundleSupportsOverlay), + ); - versionInfo.features = { forceOverwrite: true }; + versionInfo.features = { bundleSupportsOverlay: true }; - t.true(isSupportedToolsFeature(versionInfo, ToolsFeature.ForceOverwrite)); + t.true( + isSupportedToolsFeature(versionInfo, ToolsFeature.BundleSupportsOverlay), + ); }); diff --git a/src/tools-features.ts b/src/tools-features.ts index bba64de23a..6a88c4faab 100644 --- a/src/tools-features.ts +++ b/src/tools-features.ts @@ -7,7 +7,6 @@ export enum ToolsFeature { BundleSupportsIncludeOption = "bundleSupportsIncludeOption", BundleSupportsOverlay = "bundleSupportsOverlay", DatabaseInterpretResultsSupportsSarifRunProperty = "databaseInterpretResultsSupportsSarifRunProperty", - ForceOverwrite = "forceOverwrite", IndirectTracingSupportsStaticBinaries = "indirectTracingSupportsStaticBinaries", SuppressesMissingFileBaselineWarning = "suppressesMissingFileBaselineWarning", } From a333d64ec40a2bda9381f84504aec106e2d76676 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 May 2026 19:10:08 +0100 Subject: [PATCH 3/6] Remove `DatabaseInterpretResultsSupportsSarifRunProperty` tools feature This feature has been supported since CodeQL CLI v2.19.0 --- lib/analyze-action-post.js | 8 +++----- lib/analyze-action.js | 8 +++----- lib/autobuild-action.js | 8 +++----- lib/init-action-post.js | 8 +++----- lib/init-action.js | 8 +++----- lib/resolve-environment-action.js | 8 +++----- lib/setup-codeql-action.js | 8 +++----- lib/upload-lib.js | 8 +++----- lib/upload-sarif-action.js | 8 +++----- src/codeql.ts | 11 +++-------- src/tools-features.ts | 1 - 11 files changed, 30 insertions(+), 54 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 914dab2386..a44efdbb3d 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -128369,7 +128369,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -128650,11 +128650,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/debug-artifacts.ts diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 86bafba5f9..b15b7c2cca 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -92540,7 +92540,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -92821,11 +92821,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/autobuild.ts diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 970840e3af..2a637757de 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -87543,7 +87543,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -87824,11 +87824,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/autobuild.ts diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 68eec46132..6e75f3e39c 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -133478,7 +133478,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -133759,11 +133759,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/debug-artifacts.ts diff --git a/lib/init-action.js b/lib/init-action.js index a506447d95..b87a46b4ae 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -91452,7 +91452,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -91733,11 +91733,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/init.ts diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 3ea89969c2..eebea393ef 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -87175,7 +87175,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -87456,11 +87456,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/resolve-environment.ts diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index addfda6658..d3be98cdc4 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -88926,7 +88926,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -89207,11 +89207,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/init.ts diff --git a/lib/upload-lib.js b/lib/upload-lib.js index cccd12f296..7e4fc362c4 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -91539,7 +91539,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -91820,11 +91820,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/fingerprints.ts diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index e03fd069f4..a5be314448 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -92210,7 +92210,7 @@ ${output}` "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...await getJobRunUuidSarifOptions(this), + ...await getJobRunUuidSarifOptions(), ...getExtraOptionsFromEnv(["database", "interpret-results"]) ]; if (sarifRunPropertyFlag !== void 0) { @@ -92491,11 +92491,9 @@ function applyAutobuildAzurePipelinesTimeoutFix() { "-Dmaven.wagon.http.pool=false" ].join(" "); } -async function getJobRunUuidSarifOptions(codeql) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env["JOB_RUN_UUID" /* JOB_RUN_UUID */]; - return jobRunUuid && await codeql.supportsFeature( - "databaseInterpretResultsSupportsSarifRunProperty" /* DatabaseInterpretResultsSupportsSarifRunProperty */ - ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } // src/fingerprints.ts diff --git a/src/codeql.ts b/src/codeql.ts index 72fea765c2..19f933c39a 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -853,7 +853,7 @@ async function getCodeQLForCmd( "--sarif-group-rules-by-pack", "--sarif-include-query-help=always", "--sublanguage-file-coverage", - ...(await getJobRunUuidSarifOptions(this)), + ...(await getJobRunUuidSarifOptions()), ...getExtraOptionsFromEnv(["database", "interpret-results"]), ]; if (sarifRunPropertyFlag !== undefined) { @@ -1283,13 +1283,8 @@ function applyAutobuildAzurePipelinesTimeoutFix() { ].join(" "); } -async function getJobRunUuidSarifOptions(codeql: CodeQL) { +async function getJobRunUuidSarifOptions() { const jobRunUuid = process.env[EnvVar.JOB_RUN_UUID]; - return jobRunUuid && - (await codeql.supportsFeature( - ToolsFeature.DatabaseInterpretResultsSupportsSarifRunProperty, - )) - ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] - : []; + return jobRunUuid ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } diff --git a/src/tools-features.ts b/src/tools-features.ts index 6a88c4faab..ff87b754da 100644 --- a/src/tools-features.ts +++ b/src/tools-features.ts @@ -6,7 +6,6 @@ export enum ToolsFeature { BuiltinExtractorsSpecifyDefaultQueries = "builtinExtractorsSpecifyDefaultQueries", BundleSupportsIncludeOption = "bundleSupportsIncludeOption", BundleSupportsOverlay = "bundleSupportsOverlay", - DatabaseInterpretResultsSupportsSarifRunProperty = "databaseInterpretResultsSupportsSarifRunProperty", IndirectTracingSupportsStaticBinaries = "indirectTracingSupportsStaticBinaries", SuppressesMissingFileBaselineWarning = "suppressesMissingFileBaselineWarning", } From b9866406721016af3b5eb6c578e8a6ae24c573a9 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 May 2026 19:20:48 +0100 Subject: [PATCH 4/6] Add note about `CODEQL_VERSION_ZSTD_BUNDLE` --- src/feature-flags.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/feature-flags.ts b/src/feature-flags.ts index e31f8bea7b..2a94c58643 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -26,6 +26,9 @@ const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled"; /** * The first version of the CodeQL Bundle that shipped with zstd-compressed bundles. + * + * This is now below the minimum version of CodeQL, but we keep this around because we currently set + * up CodeQL before checking that the version is new enough. */ export const CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; From 9c3aedb4cd14530e690be6645ab03e2963baa26b Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 13 May 2026 14:25:03 +0100 Subject: [PATCH 5/6] Update PR check testing matrix --- .github/workflows/__go-tracing-autobuilder.yml | 8 ++++---- .../__go-tracing-custom-build-steps.yml | 8 ++++---- .../workflows/__go-tracing-legacy-workflow.yml | 8 ++++---- .../workflows/__multi-language-autodetect.yml | 16 ++++++++-------- .github/workflows/__rust.yml | 2 +- pr-checks/checks/rust.yml | 2 +- pr-checks/sync.ts | 8 ++++---- 7 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index f014d2cf68..f44a512f85 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -49,10 +49,6 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: stable-v2.17.6 - - os: ubuntu-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - os: ubuntu-latest @@ -61,6 +57,10 @@ jobs: version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 + - os: ubuntu-latest + version: stable-v2.23.9 + - os: ubuntu-latest + version: stable-v2.24.3 - os: ubuntu-latest version: default - os: ubuntu-latest diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 4b4782572b..aae22d8c01 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -49,10 +49,6 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: stable-v2.17.6 - - os: ubuntu-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - os: ubuntu-latest @@ -61,6 +57,10 @@ jobs: version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 + - os: ubuntu-latest + version: stable-v2.23.9 + - os: ubuntu-latest + version: stable-v2.24.3 - os: ubuntu-latest version: default - os: ubuntu-latest diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 101ad8024d..cce0102575 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -49,10 +49,6 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: stable-v2.17.6 - - os: ubuntu-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - os: ubuntu-latest @@ -61,6 +57,10 @@ jobs: version: stable-v2.21.4 - os: ubuntu-latest version: stable-v2.22.4 + - os: ubuntu-latest + version: stable-v2.23.9 + - os: ubuntu-latest + version: stable-v2.24.3 - os: ubuntu-latest version: default - os: ubuntu-latest diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 33dbd2f69d..4ae7c3b75e 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -59,14 +59,6 @@ jobs: fail-fast: false matrix: include: - - os: ubuntu-latest - version: stable-v2.17.6 - - os: macos-latest - version: stable-v2.17.6 - - os: ubuntu-latest - version: stable-v2.18.4 - - os: macos-latest - version: stable-v2.18.4 - os: ubuntu-latest version: stable-v2.19.4 - os: macos-latest @@ -83,6 +75,14 @@ jobs: version: stable-v2.22.4 - os: macos-latest version: stable-v2.22.4 + - os: ubuntu-latest + version: stable-v2.23.9 + - os: macos-latest + version: stable-v2.23.9 + - os: ubuntu-latest + version: stable-v2.24.3 + - os: macos-latest + version: stable-v2.24.3 - os: ubuntu-latest version: default - os: macos-latest diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index 92793f54ae..1c3d18d16e 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -40,7 +40,7 @@ jobs: matrix: include: - os: ubuntu-latest - version: stable-v2.19.3 + version: stable-v2.19.4 - os: ubuntu-latest version: stable-v2.22.1 - os: ubuntu-latest diff --git a/pr-checks/checks/rust.yml b/pr-checks/checks/rust.yml index c19fc986da..8589ba80e5 100644 --- a/pr-checks/checks/rust.yml +++ b/pr-checks/checks/rust.yml @@ -2,7 +2,7 @@ name: "Rust analysis" description: "Tests creation of a Rust database" versions: # experimental rust support introduced, requires action to set `CODEQL_ENABLE_EXPERIMENTAL_FEATURES` - - stable-v2.19.3 + - stable-v2.19.4 # first public preview version - stable-v2.22.1 - linked diff --git a/pr-checks/sync.ts b/pr-checks/sync.ts index e46fca2483..ccf086977f 100755 --- a/pr-checks/sync.ts +++ b/pr-checks/sync.ts @@ -97,10 +97,6 @@ type LanguageSetups = Partial>; // The default set of CodeQL Bundle versions to use for the PR checks. const defaultTestVersions = [ // The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts` - "stable-v2.17.6", - // The last CodeQL release in the 2.18 series. - "stable-v2.18.4", - // The last CodeQL release in the 2.19 series. "stable-v2.19.4", // The last CodeQL release in the 2.20 series. "stable-v2.20.7", @@ -108,6 +104,10 @@ const defaultTestVersions = [ "stable-v2.21.4", // The last CodeQL release in the 2.22 series. "stable-v2.22.4", + // The last CodeQL release in the 2.23 series. + "stable-v2.23.9", + // The last CodeQL release in the 2.24 series. + "stable-v2.24.3", // The default version of CodeQL for Dotcom, as determined by feature flags. "default", // The version of CodeQL shipped with the Action in `defaults.json`. During the release process From e94195c896d4cb30349af7a0fd270dcb76a129ce Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 18 May 2026 14:27:03 +0100 Subject: [PATCH 6/6] Move changelog note to right place --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bbc73b676..45fccfb9fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] +- _Breaking change_: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://github.com/github/codeql-action/pull/3894) - Add support for SHA-256 Git object IDs. [#3893](https://github.com/github/codeql-action/pull/3893) ## 4.35.5 - 15 May 2026 @@ -12,7 +13,6 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th - For performance and accuracy reasons, [improved incremental analysis](https://github.com/github/roadmap/issues/1158) will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. [#3791](https://github.com/github/codeql-action/pull/3791) - If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://github.com/github/codeql-action/pull/3892) - Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. [#3880](https://github.com/github/codeql-action/pull/3880) -- _Breaking change_: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://github.com/github/codeql-action/pull/3894) ## 4.35.4 - 07 May 2026