Undo some uneeded changes

Author: oscarsj

src/setup-codeql.test.ts

@@ -338,7 +338,7 @@ test.serial(
 
       // Afterwards, ensure that we see the expected messages in the log.
       checkExpectedLogMessages(t, loggedMessages, [
-        "Using the latest CodeQL CLI nightly, as requested.",
+        "Using the latest CodeQL CLI nightly, as requested by 'tools: nightly'.",
         `Bundle version ${expectedDate} is not in SemVer format. Will treat it as pre-release ${expectedVersion}.`,
         `Attempting to obtain CodeQL tools. CLI version: unknown, bundle tag name: ${expectedTag}`,
         `Using CodeQL CLI sourced from ${expectedURL}`,
@@ -455,7 +455,7 @@ test.serial(
 
       // Check that key messages we would expect to find in the log are present.
       const expectedMessages: string[] = [
-        `Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`,
+        `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: toolcache'.`,
         `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.`,
         `Using CodeQL CLI version ${latestToolcacheVersion} from toolcache at ${latestVersionPath}`,
       ];
@@ -540,7 +540,7 @@ test.serial(
   { GITHUB_EVENT_NAME: "dynamic" },
   [],
   [
-    `Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`,
+    `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: toolcache'.`,
     `Found no CodeQL CLI in the toolcache, ignoring 'tools: toolcache'...`,
   ],
 );

src/setup-codeql.ts

@@ -359,7 +359,9 @@ export async function getCodeQLSource(
         ),
       );
     } else {
-      logger.info(`Using the latest CodeQL CLI nightly, as requested.`);
+      logger.info(
+        `Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`,
+      );
     }
     toolsInput = await getNightlyToolsUrl(logger);
   }
@@ -399,7 +401,7 @@ export async function getCodeQLSource(
 
     // We only allow `toolsInput === "toolcache"` for `dynamic` events. In general, using `toolsInput === "toolcache"`
     // can lead to alert wobble and so it shouldn't be used for an analysis where results are intended to be uploaded.
-    // We also allow this in test mode or when the input comes from a repository property.
+    // We also allow this in test mode.
     const allowToolcacheValueFF = await features.getValue(
       Feature.AllowToolcacheInput,
     );
@@ -410,7 +412,7 @@ export async function getCodeQLSource(
       // and use that. We perform this check here since we can set `cliVersion` directly and don't want to default to
       // the linked version.
       logger.info(
-        `Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`,
+        `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`,
       );
 
       latestToolcacheVersion = getLatestToolcacheVersion(logger);

src/upload-lib.ts

@@ -47,7 +47,16 @@ const GENERIC_404_MSG =
 // Checks whether the deprecation warning for combining SARIF files should be shown.
 export async function shouldShowCombineSarifFilesDeprecationWarning(
   sarifObjects: Array<Partial<sarif.Log>>,
+  githubVersion: GitHubVersion,
 ) {
+  // Do not show this warning on GHES versions before 3.14.0
+  if (
+    githubVersion.type === GitHubVariant.GHES &&
+    satisfiesGHESVersion(githubVersion.version, "<3.14", true)
+  ) {
+    return false;
+  }
+
   // Only give a deprecation warning when not all runs are unique and
   // we haven't already shown the warning.
   return (
@@ -122,7 +131,12 @@ async function combineSarifFilesUsingCLI(
       "Not all SARIF files were produced by CodeQL. Merging files in the action.",
     );
 
-    if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects)) {
+    if (
+      await shouldShowCombineSarifFilesDeprecationWarning(
+        sarifObjects,
+        gitHubVersion,
+      )
+    ) {
       logger.warning(
         `Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`,
       );
@@ -883,12 +897,6 @@ export async function waitForProcessing(
         );
         break;
       }
-      if (!response) {
-        logger.warning(
-          "Unable to check analysis status due to missing response. It should still be processed in the background.",
-        );
-        break;
-      }
       const status = response.data.processing_status as ProcessingStatus;
       logger.info(`Analysis upload status is ${status}.`);
 
@@ -1045,7 +1053,7 @@ function sanitize(str?: string) {
   return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
 }
 
-export function filterAlertsByDiffRange(
+function filterAlertsByDiffRange(
   logger: Logger,
   sarifLog: Partial<sarif.Log>,
 ): Partial<sarif.Log> {
@@ -1058,6 +1066,8 @@ export function filterAlertsByDiffRange(
     return sarifLog;
   }
 
+  const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
+
   for (const run of sarifLog.runs) {
     if (run.results) {
       run.results = run.results.filter((result) => {
@@ -1072,14 +1082,19 @@ export function filterAlertsByDiffRange(
           if (!locationUri || locationStartLine === undefined) {
             return false;
           }
+          // CodeQL always uses forward slashes as the path separator, so on Windows we
+          // need to replace any backslashes with forward slashes.
+          const locationPath = path
+            .join(checkoutPath, locationUri)
+            .replaceAll(path.sep, "/");
           // Alert filtering here replicates the same behavior as the restrictAlertsTo
           // extensible predicate in CodeQL. See the restrictAlertsTo documentation
           // https://codeql.github.com/codeql-standard-libraries/csharp/codeql/util/AlertFiltering.qll/predicate.AlertFiltering$restrictAlertsTo.3.html
           // for more details, such as why the filtering applies only to the first line
           // of an alert location.
           return diffRanges.some(
             (range) =>
-              range.path === locationUri &&
+              range.path === locationPath &&
               ((range.startLine <= locationStartLine &&
                 range.endLine >= locationStartLine) ||
                 (range.startLine === 0 && range.endLine === 0)),