Enable only code-scanning

CHANGELOG.md

@@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-- An error is now thrown if multiple inputs are provided for the GitHub-internal `analysis-kinds` input. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://github.com/github/codeql-action/pull/3892)
+- If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://github.com/github/codeql-action/pull/3892)
 
 ## 4.35.4 - 07 May 2026
 

lib/init-action.js

@@ -87589,9 +87589,11 @@ async function getAnalysisKinds(logger, features, skipCache = false) {
     }
   }
   if (!isInTestMode() && analysisKinds.length > 1 && !await features.getValue("allow_multiple_analysis_kinds" /* AllowMultipleAnalysisKinds */)) {
-    throw new ConfigurationError(
-      "The `analysis-kinds` input is experimental and for GitHub-internal use only. Its behaviour may change at any time or be removed entirely. Specifying multiple values as input is no longer supported."
+    logger.error(
+      "The `analysis-kinds` input is experimental and for GitHub-internal use only. Its behaviour may change at any time or be removed entirely. Specifying multiple values as input is no longer supported. Continuing with only `analysis-kinds: code-scanning`."
     );
+    cachedAnalysisKinds = ["code-scanning" /* CodeScanning */];
+    return cachedAnalysisKinds;
   }
   cachedAnalysisKinds = analysisKinds;
   return cachedAnalysisKinds;

src/analyses.test.ts

@@ -16,7 +16,7 @@ import {
 } from "./analyses";
 import { EnvVar } from "./environment";
 import { getRunnerLogger } from "./logging";
-import { createFeatures, setupTests } from "./testing-utils";
+import { createFeatures, RecordingLogger, setupTests } from "./testing-utils";
 import { AssessmentPayload } from "./upload-lib/types";
 import { ConfigurationError } from "./util";
 
@@ -70,19 +70,21 @@ test.serial(
 );
 
 test.serial(
-  "getAnalysisKinds - throws for multiple analysis kinds outside of test mode",
+  "getAnalysisKinds - only use `code-scanning` for multiple analysis kinds outside of test mode",
   async (t) => {
     process.env[EnvVar.TEST_MODE] = "false";
     const features = createFeatures([]);
+    const logger = new RecordingLogger();
     const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
     requiredInputStub
       .withArgs("analysis-kinds")
       .returns("code-scanning,code-quality");
-    await t.throwsAsync(
-      getAnalysisKinds(getRunnerLogger(true), features, true),
-      {
-        instanceOf: ConfigurationError,
-      },
+    const result = await getAnalysisKinds(logger, features, true);
+    t.deepEqual(result, [AnalysisKind.CodeScanning]);
+    t.assert(
+      logger.hasMessage(
+        "Continuing with only `analysis-kinds: code-scanning`.",
+      ),
     );
   },
 );

src/analyses.ts

@@ -122,17 +122,23 @@ export async function getAnalysisKinds(
     }
   }
 
-  // Throw an error if we have multiple inputs for `analysis-kinds` outside of test mode.
+  // Log an error if we have multiple inputs for `analysis-kinds` outside of test mode,
+  // and enable only `code-scanning`.
   if (
     !isInTestMode() &&
     analysisKinds.length > 1 &&
     !(await features.getValue(Feature.AllowMultipleAnalysisKinds))
   ) {
-    throw new ConfigurationError(
+    logger.error(
       "The `analysis-kinds` input is experimental and for GitHub-internal use only. " +
         "Its behaviour may change at any time or be removed entirely. " +
-        "Specifying multiple values as input is no longer supported.",
+        "Specifying multiple values as input is no longer supported. " +
+        "Continuing with only `analysis-kinds: code-scanning`.",
     );
+
+    // Only enable Code Scanning.
+    cachedAnalysisKinds = [AnalysisKind.CodeScanning];
+    return cachedAnalysisKinds;
   }
 
   // Cache the analysis kinds and return them.