From 286fd68a67cf94b9f0f0f3e23535942cc5a8f57d Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 12:35:17 -0800
Subject: [PATCH 1/8] Use env var for `EXPECTED_CONFIG_FILE_CONTENTS`

---
 .github/actions/check-codescanning-config/action.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index 02306e0605..a02d8b42f1 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -53,6 +53,7 @@ runs:
         db-location: ${{ runner.temp }}/codescanning-config-cli-test
       env:
         CODEQL_ACTION_TEST_MODE: 'true'
+        EXPECTED_CONFIG_FILE_CONTENTS: ${{ inputs.expected-config-file-contents }}
 
     - name: Install dependencies
       shell: bash
@@ -61,7 +62,7 @@ runs:
     - name: Check config
       working-directory: ${{ github.action_path }}
       shell: bash
-      run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '${{ inputs.expected-config-file-contents }}'
+      run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '$EXPECTED_CONFIG_FILE_CONTENTS'
 
     - name: Clean up
       shell: bash
@@ -69,3 +70,5 @@ runs:
       run: |
         rm -rf ${{ runner.temp }}/codescanning-config-cli-test
         rm -rf ${{ runner.temp }}/user-config.yaml
+        rm -rf $RUNNER_TEMP/codescanning-config-cli-test
+        rm -rf $RUNNER_TEMP/user-config.yaml

From c0a8eb9a67638fadc0cd95fc3ffc7c6750160d13 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 12:35:51 -0800
Subject: [PATCH 2/8] Use `$RUNNER_TEMP` for good measure

`runner.temp` is not user-controlled but we replace it with `$RUNNER_TEMP` in any case.
---
 .github/actions/check-codescanning-config/action.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index a02d8b42f1..d30113b342 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -62,13 +62,11 @@ runs:
     - name: Check config
       working-directory: ${{ github.action_path }}
       shell: bash
-      run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '$EXPECTED_CONFIG_FILE_CONTENTS'
+      run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" '$EXPECTED_CONFIG_FILE_CONTENTS'
 
     - name: Clean up
       shell: bash
       if: always()
       run: |
-        rm -rf ${{ runner.temp }}/codescanning-config-cli-test
-        rm -rf ${{ runner.temp }}/user-config.yaml
         rm -rf $RUNNER_TEMP/codescanning-config-cli-test
         rm -rf $RUNNER_TEMP/user-config.yaml

From 5e88a178fe8322a6948f81b2d1a1c5b9ce12bb65 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 12:52:19 -0800
Subject: [PATCH 3/8] Update
 .github/actions/check-codescanning-config/action.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/actions/check-codescanning-config/action.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index d30113b342..3851ee2bdc 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -62,8 +62,7 @@ runs:
     - name: Check config
       working-directory: ${{ github.action_path }}
       shell: bash
-      run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" '$EXPECTED_CONFIG_FILE_CONTENTS'
-
+      run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
     - name: Clean up
       shell: bash
       if: always()

From a9f7529f4781cad09e7b091a3caf41bc69a2a992 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 13:05:29 -0800
Subject: [PATCH 4/8] Quote `expected-config-file-contents` input

---
 .github/actions/check-codescanning-config/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index 3851ee2bdc..b20e25da5f 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -53,7 +53,7 @@ runs:
         db-location: ${{ runner.temp }}/codescanning-config-cli-test
       env:
         CODEQL_ACTION_TEST_MODE: 'true'
-        EXPECTED_CONFIG_FILE_CONTENTS: ${{ inputs.expected-config-file-contents }}
+        EXPECTED_CONFIG_FILE_CONTENTS: '${{ inputs.expected-config-file-contents }}'
 
     - name: Install dependencies
       shell: bash

From 7567eab606146703f30b3f80cf5b7168cbbc49d8 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 13:17:24 -0800
Subject: [PATCH 5/8] Fail when expected config does not exist

---
 .github/actions/check-codescanning-config/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/check-codescanning-config/index.ts b/.github/actions/check-codescanning-config/index.ts
index 196b1ad040..0596e4fe9b 100644
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
@@ -8,7 +8,7 @@ const actualConfig = loadActualConfig()
 
 const rawExpectedConfig = process.argv[3].trim()
 if (!rawExpectedConfig) {
-  core.info('No expected configuration provided')
+  core.setFailed('No expected configuration provided')
 } else {
   core.startGroup('Expected generated user config')
   core.info(yaml.dump(JSON.parse(rawExpectedConfig)))

From 3b348d9a548445f0f8528a5d94614dd6df264b57 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 13:17:35 -0800
Subject: [PATCH 6/8] Debug only: print environment variable

---
 .github/actions/check-codescanning-config/action.yml | 2 +-
 .github/actions/check-codescanning-config/index.ts   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index b20e25da5f..e4f54a0330 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -62,7 +62,7 @@ runs:
     - name: Check config
       working-directory: ${{ github.action_path }}
       shell: bash
-      run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
+      run: echo "$EXPECTED_CONFIG_FILE_CONTENTS"; ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
     - name: Clean up
       shell: bash
       if: always()
diff --git a/.github/actions/check-codescanning-config/index.ts b/.github/actions/check-codescanning-config/index.ts
index 0596e4fe9b..b315dc305b 100644
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
@@ -7,6 +7,7 @@ import * as assert from 'assert'
 const actualConfig = loadActualConfig()
 
 const rawExpectedConfig = process.argv[3].trim()
+core.info("rawExpectedConfig: " + rawExpectedConfig)
 if (!rawExpectedConfig) {
   core.setFailed('No expected configuration provided')
 } else {

From e12eb8d7c155758360f0eac96e76d523c148e044 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 13:24:22 -0800
Subject: [PATCH 7/8] Set environment variable in the correct step

---
 .github/actions/check-codescanning-config/action.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index e4f54a0330..5de4eddc95 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -53,7 +53,6 @@ runs:
         db-location: ${{ runner.temp }}/codescanning-config-cli-test
       env:
         CODEQL_ACTION_TEST_MODE: 'true'
-        EXPECTED_CONFIG_FILE_CONTENTS: '${{ inputs.expected-config-file-contents }}'
 
     - name: Install dependencies
       shell: bash
@@ -62,7 +61,11 @@ runs:
     - name: Check config
       working-directory: ${{ github.action_path }}
       shell: bash
-      run: echo "$EXPECTED_CONFIG_FILE_CONTENTS"; ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
+      env:
+        EXPECTED_CONFIG_FILE_CONTENTS: '${{ inputs.expected-config-file-contents }}'
+      run: |
+        echo "EXPECTED_CONFIG_FILE_CONTENTS = $EXPECTED_CONFIG_FILE_CONTENTS"
+        ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
     - name: Clean up
       shell: bash
       if: always()

From 628c1e669a7443dbda7065e75f489bb50d4b764a Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Mon, 24 Feb 2025 13:29:47 -0800
Subject: [PATCH 8/8] Remove print debugging

---
 .github/actions/check-codescanning-config/action.yml | 4 +---
 .github/actions/check-codescanning-config/index.ts   | 1 -
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/actions/check-codescanning-config/action.yml b/.github/actions/check-codescanning-config/action.yml
index 5de4eddc95..0c65c3a41d 100644
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -63,9 +63,7 @@ runs:
       shell: bash
       env:
         EXPECTED_CONFIG_FILE_CONTENTS: '${{ inputs.expected-config-file-contents }}'
-      run: |
-        echo "EXPECTED_CONFIG_FILE_CONTENTS = $EXPECTED_CONFIG_FILE_CONTENTS"
-        ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
+      run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
     - name: Clean up
       shell: bash
       if: always()
diff --git a/.github/actions/check-codescanning-config/index.ts b/.github/actions/check-codescanning-config/index.ts
index b315dc305b..0596e4fe9b 100644
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
@@ -7,7 +7,6 @@ import * as assert from 'assert'
 const actualConfig = loadActualConfig()
 
 const rawExpectedConfig = process.argv[3].trim()
-core.info("rawExpectedConfig: " + rawExpectedConfig)
 if (!rawExpectedConfig) {
   core.setFailed('No expected configuration provided')
 } else {