Deprecate CodeQL Action v2 #2677
645e36c to 4541c13
@@ -2,11 +2,9 @@ | |||
|
|||
See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. | |||
|
|||
Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers. |
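Review bot: with the header taking this hunk from 11 lines to 9, the `v2`/`v3` note on its last line is what explains why entries such as `3.22.11` and `2.22.11` describe the same functionality. The older entries stay in the changelog, so consider keeping one past-tense sentence for them rather than dropping the explanation outright.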
Can you add this paragraph to the relevant location in `CONTRIBUTING.md` as a reminder to add it back when we introduce v4?
Or instead of copying this text directly, include a link to this text so that it can be easily found again.
Done — I actually linked to the specific docs diff in this PR; thought that would be easiest for someone to read and find the link to!
- v2 (deprecated, support will end on December 5th, 2024) | ||
|
||
The only difference between CodeQL Action v2 and v3 is the version of Node.js on which they run. CodeQL Action v3 runs on Node 20, while CodeQL Action v2 runs on Node 16. | ||
|
||
To provide the best experience to customers using older versions of GitHub Enterprise Server, we will continue to release CodeQL Action v2 so that these customers can continue to run the latest version of CodeQL as long as their version of GitHub Enterprise Server is supported. For example CodeQL Action v3.22.11 was the first release of CodeQL Action v3 and is functionally identical to v2.22.11. This approach provides an easy way to track exactly which features are included in different versions by looking at the minor and patch version numbers. | ||
|
||
For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)." |
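Review bot: the third paragraph's "we will continue to release CodeQL Action v2" and the `v2` list entry's "support will end on December 5th, 2024" both describe the state before deprecation, and the closing link still targets the 2024-01-12 announcement. Any of these lines that stay in the README should be reworded in the past tense and pointed at the deprecation post.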
Same thing here as with the changelog note.
Done
* Check whether a customer is running v1 or v2. If they are, and we can determine that the GitHub | ||
* instance supports v3, then log an error prompting the customer to upgrade to v3. |
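Review bot: the doc comment leaves two behaviours unstated: what the check does when it cannot determine whether the instance supports v3, and whether "log an error" also fails the run. Spell out both (for example, that the check is skipped when support is unknown) so readers do not have to infer them from the implementation.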
Is this actually going to be backported to v2? If not then there's no reason to change this check.
Oh good point. I think we'll want to then merge this without the change to `releases.ini` and backport to v2 so that it's the final change to `v2`, and then as a final step merge the change to `releases.ini`.
I think we'd need to do an actual release, otherwise immutable actions won't pick it up. Maybe that's not necessary since immutable actions is not quite available publicly.
Oh yeah, sorry, so we'll need to:
- merge this without the change to `releases.ini`
- release (including to the `v2` backport)
- merge the change to `releases.ini` immediately after
I removed the change to `releases.ini` in this PR.
So that our changes can go into `releases/v2`. We will bump `OLDEST_SUPPORTED_MAJOR_VERSION` immediately after the next release.
287f0ed to 03d5731
LGTM, thanks!
To add a new major version of the Action: | ||
|
||
1. Change the `version` field of `package.json` by running `npm version x.y.z` where `x` is the new major version, and `y` and `z` match the latest minor and patch versions of the last release. | ||
1. Update appropriate documentation to explain the reasoning behind the releases: see [the diff](https://github.com/github/codeql-action/pull/2677/commits/913d60579d4b560addf53ec3c493d491dd3c1378) in our last major version deprecation for examples on which parts of the documentation should be updated. | ||
1. Consider the timeline behind deprecating the prior Action version: see [CodeQL Action deprecation documentation](#deprecating-a-codeql-action-major-version-write-access-required) | ||
|
||
## Deprecating a CodeQL Action major version (write access required) | ||
|
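Review bot: the link in step 2 targets a single commit inside this pull request, and the branch head has already been replaced twice in this thread (`645e36c` to `4541c13`, `287f0ed` to `03d5731`), so a later rebase or squash can leave that URL pointing at an orphaned diff. Link to the merged commit or to the PR itself once it lands. In the same step, "examples on which parts" should read "examples of which parts", and step 3 is missing its closing full stop.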
👍
(it's been a while, so I had to dig through the code to remind myself that manual creation of branch and `vN+1` tag was not needed, and it seems that is indeed automatic! :phew:)
Oh I actually totally forgot about that step 😆 thanks for looking into it and confirming, though!
The public changelog blog post is live at https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated and I've added the link to the appropriate places in this PR, so it's now ready for re-review! (CI will pass once the bundle upgrade PR makes it to the next release)
🫡
There's a typo in https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated so I'll wait to merge this until that's fixed! Thanks!!
And it's already fixed 😆 merging!
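For repositories that consume the action, the deprecation discussed in this PR comes down to finding workflows that still reference `v1` or `v2`. The script below is an added example, not code from this PR or from the codeql-action repository; `classify`, `audit` and the sample workflow (including its SHA) are constructed for illustration, and a version comment next to a pinned SHA is taken at face value.

```python
import re

# Majors treated as outdated, following the page: v2 is deprecated, v1 predates it.
DEPRECATED_MAJORS = {1, 2}
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?github/codeql-action(?P<sub>/[\w./-]+)?@(?P<ref>[^\s"'#]+)""")
# Refs like v2, v2.22.11 or releases/v2; 40-hex commit SHAs; trailing "# v2.22.11" comments.
VERSION_RE = re.compile(r"^(?:releases/)?v(\d+)(?:\.\d+){0,2}$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
COMMENT_RE = re.compile(r"#\s*(v\d+(?:\.\d+){0,2})\b")

# Constructed sample workflow fragment; the SHA is a made-up placeholder.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - uses: github/codeql-action/init@v2
  - uses: github/codeql-action/analyze@v3.22.11
  - uses: github/codeql-action/upload-sarif@v2.22.11
  # - uses: github/codeql-action/autobuild@v1
  - uses: github/codeql-action/autobuild@0123456789abcdef0123456789abcdef01234567 # v2.22.11
  - uses: github/codeql-action/init@0123456789abcdef0123456789abcdef01234567
"""


def classify(line):
    """Return (step, ref, status) for a codeql-action `uses:` line, else None."""
    m = USES_RE.match(line)
    if m is None:
        return None  # other actions, non-`uses` lines and commented-out steps
    step, ref = "github/codeql-action" + (m.group("sub") or ""), m.group("ref")
    version = VERSION_RE.match(ref)
    if version is None and SHA_RE.match(ref):
        # A SHA carries no version; use the trailing comment (unverified) if present.
        hint = COMMENT_RE.search(line)
        version = VERSION_RE.match(hint.group(1)) if hint else None
        if version is None:
            return step, ref, "unknown: pinned SHA without a version comment"
    if version is None:
        return step, ref, "unknown: not a version ref"
    return step, ref, "deprecated" if int(version.group(1)) in DEPRECATED_MAJORS else "ok"


def audit(workflow_text):
    """Return (line_number, step, ref, status) for each reference that is not "ok"."""
    rows = ((n, classify(text)) for n, text in enumerate(workflow_text.splitlines(), 1))
    return [(n, *r) for n, r in rows if r and r[2] != "ok"]


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```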
Following the excellent instructions documented, this PR:
`CONTRIBUTING.md` for future reference.
Note that this PR should not be merged until a public changelog post is published, and then linked to in the error message & changelog entry here.
After this PR is merged and released to `releases/v3` and `releases/v2`, we can update the `OLDEST_SUPPORTED_MAJOR_VERSION` variable in `releases.ini` to 2.
Merge / deployment checklist