From dd8914320f183a2820ffe1a91b9fc453164493e6 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 3 Dec 2025 09:15:15 +0100 Subject: [PATCH 1/9] CodeQL: Add resolveDatabase method --- lib/analyze-action-post.js | 17 +++++++++++++++++ lib/analyze-action.js | 17 +++++++++++++++++ lib/autobuild-action.js | 17 +++++++++++++++++ lib/init-action-post.js | 17 +++++++++++++++++ lib/init-action.js | 17 +++++++++++++++++ lib/resolve-environment-action.js | 17 +++++++++++++++++ lib/setup-codeql-action.js | 17 +++++++++++++++++ lib/upload-lib.js | 17 +++++++++++++++++ lib/upload-sarif-action.js | 17 +++++++++++++++++ src/codeql.ts | 26 ++++++++++++++++++++++++++ 10 files changed, 179 insertions(+) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index b4ee3c8d5b..4b90e5a46d 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -120735,6 +120735,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 1ba7f39e93..e05bbd8c8e 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
@@ -90887,6 +90887,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 10b30f64d5..20325380ce 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -84973,6 +84973,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index b6a4215af5..99780c4156 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -125350,6 +125350,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { 
diff --git a/lib/init-action.js b/lib/init-action.js index 8f5b7f8871..939cab918e 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -89147,6 +89147,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 6e159d31a4..ffaf4d1621 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -84672,6 +84672,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 74b84a122f..4f9d6af4fc 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js 
@@ -85975,6 +85975,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 4f3f1fa46b..aacb1837df 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -88697,6 +88697,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ba2c9118cf..5908e956ef 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -89215,6 +89215,23 @@ ${output}` ); } }, + async resolveDatabase(databasePath) { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]) + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + try { + return JSON.parse(output); + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}` + ); + } + }, async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false }) { 
diff --git a/src/codeql.ts b/src/codeql.ts index 2b86d843f3..f597931931 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -206,6 +206,7 @@ export interface CodeQL { * Run 'codeql resolve queries --format=startingpacks'. */ resolveQueriesStartingPacks(queries: string[]): Promise; + resolveDatabase(databasePath: string): Promise; /** * Run 'codeql github merge-results'. */ @@ -230,6 +231,10 @@ export interface VersionInfo { overlayVersion?: number; } +export interface ResolveDatabaseOutput { + [key: string]: string | [string]; +} + export interface ResolveLanguagesOutput { [language: string]: [string]; } @@ -493,6 +498,7 @@ export function createStubCodeQL(partialCodeql: Partial): CodeQL { partialCodeql, "resolveQueriesStartingPacks", ), + resolveDatabase: resolveFunction(partialCodeql, "resolveDatabase"), mergeResults: resolveFunction(partialCodeql, "mergeResults"), }; } @@ -1003,6 +1009,26 @@ async function getCodeQLForCmd( ); } }, + async resolveDatabase( + databasePath: string, + ): Promise { + const codeqlArgs = [ + "resolve", + "database", + databasePath, + "--format=json", + ...getExtraOptionsFromEnv(["resolve", "database"]), + ]; + const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true }); + + try { + return JSON.parse(output) as ResolveDatabaseOutput; + } catch (e) { + throw new Error( + `Unexpected output from codeql resolve database --format=json: ${e}`, + ); + } + }, async mergeResults( sarifFiles: string[], outputFile: string, From c4efbda2999d6895931c401bf16d97750bd3650e Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Wed, 3 Dec 2025 09:16:45 +0100 Subject: [PATCH 2/9] Overlay: Check database metadata for overlayBaseSpecifier --- lib/analyze-action.js | 22 +++++++++++++-- lib/init-action.js | 22 +++++++++++++-- src/overlay-database-utils.test.ts | 44 ++++++++++++++++++++++++++++-- src/overlay-database-utils.ts | 35 +++++++++++++++++++++--- 4 files changed, 112 insertions(+), 11 deletions(-) 
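Review bot: The new `resolveDatabase(databasePath: string)` declaration in the `CodeQL` interface is the only method in this hunk without the one-line doc comment its neighbours carry (`resolveQueriesStartingPacks` and `mergeResults` both have one), so the interface no longer reads uniformly. Add `/** Run 'codeql resolve database --format=json'. */` directly above the declaration, matching the existing wording style. The `CodeQL` interface starts and ends outside the hunk.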
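Review bot: `JSON.parse(output) as ResolveDatabaseOutput` in the new `resolveDatabase` implementation only guards against unparseable output; `null`, a number or a bare string are all valid JSON documents, and the cast makes the caller believe it holds an object, so a malformed-but-parseable response surfaces later as an unrelated `TypeError` in the consumer rather than as the "Unexpected output" error this method already defines. Validate the parsed value before returning it, as sketched below, keeping the error prefix identical so log searches still match. `getCodeQLForCmd` starts and ends outside the hunk.
```typescript
    // … unchanged: codeqlArgs construction and runCli call …
    let parsed: unknown;
    try {
      parsed = JSON.parse(output);
    } catch (e) {
      throw new Error(
        `Unexpected output from codeql resolve database --format=json: ${e}`,
      );
    }
    if (parsed === null || typeof parsed !== "object") {
      throw new Error(
        "Unexpected output from codeql resolve database --format=json: expected a JSON object",
      );
    }
    return parsed as ResolveDatabaseOutput;
```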
diff --git a/lib/analyze-action.js b/lib/analyze-action.js index e05bbd8c8e..c4d488ab8a 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88512,7 +88512,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { var CACHE_VERSION = 1; var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; -function checkOverlayBaseDatabase(config, logger, warningPrefix) { +async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); if (!fs3.existsSync(baseDatabaseOidsFilePath)) { logger.warning( @@ -88520,6 +88520,23 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) { ); return false; } + for (const language of config.languages) { + const dbPath = getCodeQLDatabasePath(config, language); + try { + const resolveDatabaseOutput = await codeql.resolveDatabase(dbPath); + if (resolveDatabaseOutput === void 0 || !("overlayBaseSpecifier" in resolveDatabaseOutput)) { + logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); + return false; + } else { + logger.info( + `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` + ); + } + } catch (e) { + logger.warning(`${warningPrefix}: failed to resolve database: ${e}`); + return false; + } + } return true; } async function cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger) { @@ -88542,7 +88559,8 @@ async function cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger ); return false; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Abort uploading overlay-base database to cache" diff --git a/lib/init-action.js b/lib/init-action.js index 939cab918e..0af2f67e84 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
@@ -85914,7 +85914,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { var CACHE_VERSION = 1; var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; -function checkOverlayBaseDatabase(config, logger, warningPrefix) { +async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); if (!fs3.existsSync(baseDatabaseOidsFilePath)) { logger.warning( @@ -85922,6 +85922,23 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) { ); return false; } + for (const language of config.languages) { + const dbPath = getCodeQLDatabasePath(config, language); + try { + const resolveDatabaseOutput = await codeql.resolveDatabase(dbPath); + if (resolveDatabaseOutput === void 0 || !("overlayBaseSpecifier" in resolveDatabaseOutput)) { + logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); + return false; + } else { + logger.info( + `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` + ); + } + } catch (e) { + logger.warning(`${warningPrefix}: failed to resolve database: ${e}`); + return false; + } + } return true; } async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { @@ -86009,7 +86026,8 @@ async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { ); return void 0; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Downloaded overlay-base database is invalid" diff --git a/src/overlay-database-utils.test.ts b/src/overlay-database-utils.test.ts index cee0d45f13..db47d4d879 100644 --- a/src/overlay-database-utils.test.ts +++ b/src/overlay-database-utils.test.ts 
@@ -7,7 +7,9 @@ import * as sinon from "sinon"; import * as actionsUtil from "./actions-util"; import * as apiClient from "./api-client"; +import { ResolveDatabaseOutput } from "./codeql"; import * as gitUtils from "./git-utils"; +import { KnownLanguage } from "./languages"; import { getRunnerLogger } from "./logging"; import { downloadOverlayBaseDatabaseFromCache, @@ -95,6 +97,7 @@ interface DownloadOverlayBaseDatabaseTestCase { hasBaseDatabaseOidsFile: boolean; tryGetFolderBytesSucceeds: boolean; codeQLVersion: string; + resolveDatabaseOutput: ResolveDatabaseOutput | Error; } const defaultDownloadTestCase: DownloadOverlayBaseDatabaseTestCase = { @@ -105,6 +108,7 @@ const defaultDownloadTestCase: DownloadOverlayBaseDatabaseTestCase = { hasBaseDatabaseOidsFile: true, tryGetFolderBytesSucceeds: true, codeQLVersion: "2.20.5", + resolveDatabaseOutput: { overlayBaseSpecifier: "20250626:XXX" }, }; const testDownloadOverlayBaseDatabaseFromCache = test.macro({ @@ -119,9 +123,11 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({ await fs.promises.mkdir(dbLocation, { recursive: true }); const logger = getRunnerLogger(true); - const config = createTestConfig({ dbLocation }); - const testCase = { ...defaultDownloadTestCase, ...partialTestCase }; + const config = createTestConfig({ + dbLocation, + languages: [KnownLanguage.java], + }); config.overlayDatabaseMode = testCase.overlayDatabaseMode; config.useOverlayDatabaseCaching = testCase.useOverlayDatabaseCaching; 
@@ -163,9 +169,23 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({ .resolves(testCase.tryGetFolderBytesSucceeds ? 1024 * 1024 : undefined); stubs.push(tryGetFolderBytesStub); + const codeql = mockCodeQLVersion(testCase.codeQLVersion); + + if (testCase.resolveDatabaseOutput instanceof Error) { + const resolveDatabaseStub = sinon + .stub(codeql, "resolveDatabase") + .rejects(testCase.resolveDatabaseOutput); + stubs.push(resolveDatabaseStub); + } else { + const resolveDatabaseStub = sinon + .stub(codeql, "resolveDatabase") + .resolves(testCase.resolveDatabaseOutput); + stubs.push(resolveDatabaseStub); + } + try { const result = await downloadOverlayBaseDatabaseFromCache( - mockCodeQLVersion(testCase.codeQLVersion), + codeql, config, logger, ); @@ -255,6 +275,24 @@ test( false, ); +test( + testDownloadOverlayBaseDatabaseFromCache, + "returns undefined when downloaded database doesn't have an overlayBaseSpecifier", + { + resolveDatabaseOutput: {}, + }, + false, +); + +test( + testDownloadOverlayBaseDatabaseFromCache, + "returns undefined when resolving database metadata fails", + { + resolveDatabaseOutput: new Error("Failed to resolve database metadata"), + }, + false, +); + test( testDownloadOverlayBaseDatabaseFromCache, "returns undefined when filesystem error occurs", diff --git a/src/overlay-database-utils.ts b/src/overlay-database-utils.ts index a340bfe2b0..7db248bd1d 100644 --- a/src/overlay-database-utils.ts +++ b/src/overlay-database-utils.ts @@ -17,6 +17,7 @@ import { getCommitOid, getFileOidsUnderPath } from "./git-utils"; import { Logger, withGroupAsync } from "./logging"; import { CleanupLevel, + getCodeQLDatabasePath, getErrorMessage, isInTestMode, tryGetFolderBytes, 
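Review bot: The two branches that stub `codeql.resolveDatabase` differ only in whether `.rejects` or `.resolves` is called, and each repeats the `sinon.stub(...)` and `stubs.push(...)` lines; the duplication can be collapsed to `const resolveDatabaseStub = sinon.stub(codeql, "resolveDatabase");` followed by `if (testCase.resolveDatabaseOutput instanceof Error) { resolveDatabaseStub.rejects(testCase.resolveDatabaseOutput); } else { resolveDatabaseStub.resolves(testCase.resolveDatabaseOutput); }` and a single `stubs.push(resolveDatabaseStub);`. Both new test cases added further down in this file exercise only `downloadOverlayBaseDatabaseFromCache`; if an equivalent macro for the upload path exists elsewhere in the file (outside this hunk), the same missing-specifier and rejected-resolve cases are worth adding there, since `cleanupAndUploadOverlayBaseDatabaseToCache` now takes the same code path. The test macro body starts and ends outside the hunk.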
@@ -176,11 +177,12 @@ const MAX_CACHE_OPERATION_MS = 600_000; * @param warningPrefix Prefix for the check failure warning message * @returns True if the verification succeeded, false otherwise */ -function checkOverlayBaseDatabase( +async function checkOverlayBaseDatabase( + codeql: CodeQL, config: Config, logger: Logger, warningPrefix: string, -): boolean { +): Promise { // An overlay-base database should contain the base database OIDs file. const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); if (!fs.existsSync(baseDatabaseOidsFilePath)) { @@ -189,6 +191,29 @@ function checkOverlayBaseDatabase( ); return false; } + + for (const language of config.languages) { + const dbPath = getCodeQLDatabasePath(config, language); + try { + const resolveDatabaseOutput = await codeql.resolveDatabase(dbPath); + if ( + resolveDatabaseOutput === undefined || + !("overlayBaseSpecifier" in resolveDatabaseOutput) + ) { + logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); + return false; + } else { + logger.info( + `Overlay base specifier for ${language} overlay-base database found: ` + + `${resolveDatabaseOutput.overlayBaseSpecifier}`, + ); + } + } catch (e) { + logger.warning(`${warningPrefix}: failed to resolve database: ${e}`); + return false; + } + } + return true; } @@ -232,7 +257,8 @@ export async function cleanupAndUploadOverlayBaseDatabaseToCache( return false; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Abort uploading overlay-base database to cache", @@ -415,7 +441,8 @@ export async function downloadOverlayBaseDatabaseFromCache( return undefined; } - const databaseIsValid = checkOverlayBaseDatabase( + const databaseIsValid = await checkOverlayBaseDatabase( + codeql, config, logger, "Downloaded overlay-base database is invalid", From b93926dc35101e6ea6a689056a46b740c274ea87 Mon Sep 17 00:00:00 2001 
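Review bot: The JSDoc for `checkOverlayBaseDatabase` visible in this hunk still lists `@param warningPrefix` and `@returns` but the newly added `codeql: CodeQL` parameter has no `@param` entry, and the summary does not mention that the check now also resolves each language's database metadata. Add `@param codeql The CodeQL instance used to run 'codeql resolve database' on each language database` above the existing `@param warningPrefix` line, and extend the description with a sentence stating that every database in `config.languages` must report an `overlayBaseSpecifier` for the check to pass. The doc comment and the function body both continue outside the hunk.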
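Review bot: The `resolveDatabaseOutput === undefined` branch inside the new `for (const language of config.languages)` loop is unreachable, because `resolveDatabase` returns `JSON.parse(output)` (first patch in this series) and `JSON.parse` never yields `undefined`; what it can yield is `null` or a primitive, and for those the `"overlayBaseSpecifier" in resolveDatabaseOutput` test throws a `TypeError` that the surrounding `catch` then reports as "failed to resolve database", which misdescribes the problem. A single optional-chain condition covers missing object, missing key and a null value alike: `if (resolveDatabaseOutput?.overlayBaseSpecifier == null) {`. The failure log could also name the database it refers to, since the success message does: `logger.info(\`${warningPrefix}: no overlayBaseSpecifier defined for ${language}\`);`. The function's signature is in the preceding hunk and the closing brace is inside this one.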
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 17:19:09 +0000 Subject: [PATCH 3/9] Update changelog and version after v4.31.7 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd5fb920f6..253485dd4f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.31.7 - 05 Dec 2025 - Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343) diff --git a/package-lock.json b/package-lock.json index 8cc15a5f5c..3d3718239d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.7", + "version": "4.31.8", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.7", + "version": "4.31.8", "license": "MIT", "dependencies": { "@actions/artifact": "^4.0.0", diff --git a/package.json b/package.json index 32ea9facb1..6d892ecbb2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.7", + "version": "4.31.8", "private": true, "description": "CodeQL action", "scripts": { From 97c2630b10bd11032a1791444ba86763b11a21e1 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 5 Dec 2025 17:21:46 +0000 Subject: [PATCH 4/9] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 88d0665c53..e333304f12 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 95d689b058..29ce929c4c 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 58ebe893fe..b1c5ece965 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 1dc7861144..1855833c5d 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index 94cb71839a..8898c1eb8d 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 95681d88aa..095d85e390 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 757a371df9..437b605f60 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index ac38fef38e..7f461a22c9 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 7d282a3d29..16f308b6a7 100644 --- a/lib/start-proxy-action.js 
+++ b/lib/start-proxy-action.js @@ -47321,7 +47321,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 421bf23ebc..b35c4d665f 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28924,7 +28924,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index ab66301a4b..8c466d1a3a 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index d0f6b08e23..3a822f9a96 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.7", + version: "4.31.8", private: true, description: "CodeQL action", scripts: { From 5b7e7fcc9c5a25e1129581e9733c0f6fb5078a71 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 Dec 2025 09:41:33 +0100 Subject: [PATCH 5/9] Update src/codeql.ts Co-authored-by: Henry Mercer --- src/codeql.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/codeql.ts b/src/codeql.ts index f597931931..33dd0db981 100644 --- a/src/codeql.ts +++ b/src/codeql.ts 
@@ -232,7 +232,7 @@ export interface VersionInfo { } export interface ResolveDatabaseOutput { - [key: string]: string | [string]; + overlayBaseSpecifier?: string; } export interface ResolveLanguagesOutput { From 002a7f25fdbaa5bc68ab7b87a336015eebea0b1f Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 9 Dec 2025 09:44:56 +0100 Subject: [PATCH 6/9] Overlay: log overlayBaseSpecifier at debug log-level --- lib/analyze-action.js | 2 +- lib/init-action.js | 2 +- src/overlay-database-utils.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c4d488ab8a..0707879283 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88528,7 +88528,7 @@ async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); return false; } else { - logger.info( + logger.debug( `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` ); } diff --git a/lib/init-action.js b/lib/init-action.js index 0af2f67e84..e74d27c82a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -85930,7 +85930,7 @@ async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); return false; } else { - logger.info( + logger.debug( `Overlay base specifier for ${language} overlay-base database found: ${resolveDatabaseOutput.overlayBaseSpecifier}` ); } diff --git a/src/overlay-database-utils.ts b/src/overlay-database-utils.ts index 7db248bd1d..921fd0b8eb 100644 --- a/src/overlay-database-utils.ts +++ b/src/overlay-database-utils.ts 
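Review bot: `ResolveDatabaseOutput` now declares only `overlayBaseSpecifier?: string`, but nothing records that this is a deliberate subset rather than the CLI's full schema; the index signature it replaces suggested the command emits further keys, and a later reader may extend or reject output based on this interface alone. Add a doc comment such as `/** The subset of 'codeql resolve database --format=json' output that the action consumes; other keys the CLI may emit are intentionally not modelled. */` above the interface, mirroring the comment style used on the `CodeQL` interface methods.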
@@ -203,7 +203,7 @@ async function checkOverlayBaseDatabase( logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`); return false; } else { - logger.info( + logger.debug( `Overlay base specifier for ${language} overlay-base database found: ` + `${resolveDatabaseOutput.overlayBaseSpecifier}`, ); From 2930dba17ac868bf1d3114f09837dbfb9619aa05 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 15:46:14 +0000 Subject: [PATCH 7/9] Update default bundle to codeql-bundle-v2.23.8 --- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/defaults.json | 8 ++++---- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/setup-codeql-action.js | 4 ++-- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- src/defaults.json | 8 ++++---- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 48520792c9..7ba381fc20 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88211,8 +88211,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index c7b2d59091..36f094bde6 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83701,8 +83701,8 @@ var path3 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs2 = __toESM(require("fs")); 
diff --git a/lib/defaults.json b/lib/defaults.json index 04929fab3e..6f3dc42bf8 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.7", - "cliVersion": "2.23.7", - "priorBundleVersion": "codeql-bundle-v2.23.6", - "priorCliVersion": "2.23.6" + "bundleVersion": "codeql-bundle-v2.23.8", + "cliVersion": "2.23.8", + "priorBundleVersion": "codeql-bundle-v2.23.7", + "priorCliVersion": "2.23.7" } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 6699c08cab..04c9c69fef 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -123084,8 +123084,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/init-action.js b/lib/init-action.js index 77524b00ab..d1beb6611d 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -85635,8 +85635,8 @@ var path5 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 4b4c28abca..49ab3bf481 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83589,8 +83589,8 @@ var path4 = __toESM(require("path")); var semver3 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); 
diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 16f308b6a7..e70a7412bc 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -99720,8 +99720,8 @@ function getActionsLogger() { var core7 = __toESM(require_core()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/languages.ts var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 3ee72bb5cf..245288bc2f 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -86724,8 +86724,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 2efce87979..fd314e6acc 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86505,8 +86505,8 @@ var path4 = __toESM(require("path")); var semver3 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.23.7"; -var cliVersion = "2.23.7"; +var bundleVersion = "codeql-bundle-v2.23.8"; +var cliVersion = "2.23.8"; // src/overlay-database-utils.ts var fs3 = __toESM(require("fs")); diff --git a/src/defaults.json b/src/defaults.json index 04929fab3e..6f3dc42bf8 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.23.7", - "cliVersion": "2.23.7", - "priorBundleVersion": "codeql-bundle-v2.23.6", - "priorCliVersion": "2.23.6" + "bundleVersion": "codeql-bundle-v2.23.8", + "cliVersion": "2.23.8", + "priorBundleVersion": "codeql-bundle-v2.23.7", + "priorCliVersion": "2.23.7" } 
From db812c1ae639aa466b2b1f4a921f823c54371173 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 15:46:24 +0000 Subject: [PATCH 8/9] Add changelog note --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 253485dd4f..0589f45cd6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354) ## 4.31.7 - 05 Dec 2025 From 120f277b1613fcef1261eb850ba9b01ca444bbef Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 17:23:34 +0000 Subject: [PATCH 9/9] Update changelog for v4.31.8 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0589f45cd6..f91b413d6d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354)