Merge main into releases/v3

CHANGELOG.md

@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 3.24.3 - 15 Feb 2024
+
+- Fix an issue where the CodeQL Action would fail to load a configuration specified by the `config` input to the `init` Action. [#2147](https://github.com/github/codeql-action/pull/2147)
+
 ## 3.24.2 - 15 Feb 2024
 
 - Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#2141](https://github.com/github/codeql-action/pull/2141)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.24.2",
+  "version": "3.24.3",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

pr-checks/checks/config-input.yml

@@ -0,0 +1,33 @@
+name: "Config input"
+description: "Tests specifying configuration using the config input"
+operatingSystems: ["ubuntu"]
+versions: ["latest"]
+steps:
+  - name: Copy queries into workspace
+    run: |
+      cp -a ../action/queries .
+
+  - uses: ./../action/init
+    with:
+      tools: ${{ steps.prepare-test.outputs.tools-url }}
+      languages: javascript
+      build-mode: none
+      config: |
+        disable-default-queries: true
+        queries:
+          - name: Run custom query
+            uses: ./queries/default-setup-environment-variables.ql
+        paths-ignore:
+          - tests
+          - lib
+
+  - uses: ./../action/analyze
+    with:
+      output: ${{ runner.temp }}/results
+
+  - name: Check SARIF
+    uses: ./../action/.github/actions/check-sarif
+    with:
+      sarif-file: ${{ runner.temp }}/results/javascript.sarif
+      queries-run: javascript/codeql-action/default-setup-env-vars
+      queries-not-run: javascript/codeql-action/default-setup-context-properties

src/config-utils.ts

@@ -543,9 +543,17 @@ async function loadConfig({
   let parsedYAML: UserConfig;
 
   if (isLocal(configFile)) {
-    // Treat the config file as relative to the workspace
-    configFile = path.resolve(workspacePath, configFile);
-    parsedYAML = getLocalConfig(configFile, workspacePath);
+    if (configFile !== userConfigFromActionPath(tempDir)) {
+      // If the config file is not generated by the Action, it should be relative to the workspace.
+      configFile = path.resolve(workspacePath, configFile);
+      // Error if the config file is now outside of the workspace
+      if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
+        throw new ConfigurationError(
+          getConfigFileOutsideWorkspaceErrorMessage(configFile),
+        );
+      }
+    }
+    parsedYAML = getLocalConfig(configFile);
   } else {
     parsedYAML = await getRemoteConfig(configFile, apiDetails);
   }
@@ -823,6 +831,10 @@ function dbLocationOrDefault(
   return dbLocation || path.resolve(tempDir, "codeql_databases");
 }
 
+function userConfigFromActionPath(tempDir: string): string {
+  return path.resolve(tempDir, "user-config-from-action.yml");
+}
+
 /**
  * Load and return the config.
  *
@@ -841,7 +853,7 @@ export async function initConfig(inputs: InitConfigInputs): Promise<Config> {
         `Both a config file and config input were provided. Ignoring config file.`,
       );
     }
-    inputs.configFile = path.resolve(tempDir, "user-config-from-action.yml");
+    inputs.configFile = userConfigFromActionPath(tempDir);
     fs.writeFileSync(inputs.configFile, inputs.configInput);
     logger.debug(`Using config from action input: ${inputs.configFile}`);
   }
@@ -883,14 +895,7 @@ function isLocal(configPath: string): boolean {
   return configPath.indexOf("@") === -1;
 }
 
-function getLocalConfig(configFile: string, workspacePath: string): UserConfig {
-  // Error if the config file is now outside of the workspace
-  if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
-    throw new ConfigurationError(
-      getConfigFileOutsideWorkspaceErrorMessage(configFile),
-    );
-  }
-
+function getLocalConfig(configFile: string): UserConfig {
   // Error if the file does not exist
   if (!fs.existsSync(configFile)) {
     throw new ConfigurationError(