Update SDK Loader to rename the snippet postfix file to avoid CodeQL scanning issues

.github/codeql/codeql-config.yml

@@ -9,8 +9,6 @@ paths-ignore:
   - '**/dist-history/'
   - '**/rollup.config.js'
   - '**/docs/webSdk/'
-
-query-filters:
-  - exclude:
-      paths:
-        - tools/applicationinsights-web-snippet/src/snippet-config.js
+  - '**/tools/**/*.jsonc'
+  - '**/node_modules/'
+  - '**/*.d.ts'

.github/workflows/codeql-analysis.yml

@@ -22,51 +22,81 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
+    name: Analyze (${{ matrix.language }})
     runs-on: ubuntu-latest
     permissions:
+      # required for all workflows
+      security-events: write
+      # required to fetch internal or private CodeQL packs
+      packages: read
+      # only required for workflows in private repositories
       actions: read
       contents: read
-      security-events: write
-
+
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+        include:
+          - language: actions
+          - language: javascript
+          - language: javascript-typescript
+            node-version: '18'
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
 
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
 
-    # Initializes the CodeQL tools for scanning.
+    # Setup Node.js for JavaScript projects
+    - name: Setup Node.js ${{ matrix.node-version }}
+      # Only run the build for Typescript/JavaScript language match
+      if: matrix.language == 'javascript-typescript' 
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    # Install dependencies for JavaScript projects
+    - name: Install dependencies
+      # Only run the build for Typescript/JavaScript language match
+      if: matrix.language == 'javascript-typescript'
+      run: |
+        node common/scripts/install-run-rush.js update --full --recheck
+        npm install rollup -g
+        npm install grunt-cli
+        npm install
+        node common/scripts/install-run-rush.js update --full --recheck
+
+    # Initializes the CodeQL tools for scanning
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         config-file: ./.github/codeql/codeql-config.yml
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+
+    # Build JavaScript project specifically (skipping autobuild for JavaScript)
+    - name: Build JavaScript
+      # Only run the build for Typescript/JavaScript language match
+      if: matrix.language == 'javascript-typescript'
+      run: npm run build
 
+    # Perform the CodeQL Analysis
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+        upload-database: true
+
+    # Debug CodeQL configuration
+    - name: Debug CodeQL configuration
+      if: always()
+      run: |
+        echo "Executed CodeQL for language: ${{ matrix.language }}"
+        echo "Category used: /language:${{ matrix.language }}"
+        echo "Node version: ${{ matrix.node-version || 'N/A' }}"

gruntfile.js

@@ -70,7 +70,7 @@ module.exports = function (grunt) {
                 replacements: function() {
 
                     var snippetBuffer = grunt.file.read("./tools/applicationinsights-web-snippet/build/output/snippet.min.js");
-                    var snippetConfig = grunt.file.read("./tools/applicationinsights-web-snippet/src/snippet-config.js").trim();
+                    var snippetConfig = grunt.file.read("./tools/applicationinsights-web-snippet/src/snippet-config.jsonc").trim();
 
                     while(snippetConfig.endsWith("\r") || snippetConfig.endsWith("\n")) {
                         snippetConfig = snippetConfig.substring(0, snippetConfig.length - 1);
@@ -110,7 +110,7 @@ module.exports = function (grunt) {
                 replacements: function() {
 
                     var snippetBuffer = grunt.file.read("./tools/applicationinsights-web-snippet/build/output/snippet.js");
-                    var snippetConfig = grunt.file.read("./tools/applicationinsights-web-snippet/src/snippet-config.js").trim();
+                    var snippetConfig = grunt.file.read("./tools/applicationinsights-web-snippet/src/snippet-config.jsonc").trim();
                     while(snippetConfig.endsWith("\r") || snippetConfig.endsWith("\n")) {
                         snippetConfig = snippetConfig.substring(0, snippetConfig.length - 1);
                     }