Deprecate CodeQL Action v2 #2677

Open

angelapwen wants to merge 9 commits into main from angelapwen/deprecate-action-v2

angelapwen commented Jan 7, 2025

Following the excellent instructions documented, this PR:

  • converts the deprecation warning to an error
  • removes mentions of v2 in documentation (and tries to generalize them so that future versions will not need so many documentation changes)
  • adds a changenote for the deprecation
  • adds a section about adding a new Action major version to CONTRIBUTING.md for future reference.

Note that this PR should not be merged until a public changelog post is published, and then linked to in the error message & changelog entry here.

After this PR is merged and released to releases/v3 and releases/v2, we can update the OLDEST_SUPPORTED_MAJOR_VERSION variable in releases.ini to 2.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

angelapwen added the DO NOT MERGE label ("This pull request should not be merged yet") Jan 7, 2025
angelapwen force-pushed the angelapwen/deprecate-action-v2 branch from 645e36c to 4541c13 January 7, 2025 22:01
angelapwen requested a review from nickfyson January 7, 2025 22:06
@@ -2,11 +2,9 @@

See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
Contributor

Can you add this paragraph to the relevant location in CONTRIBUTING.md as a reminder to add it back when we introduce v4?

Or instead of copying this text directly, include a link to this text so that it can be easily found again.

Contributor Author

Done — I actually linked to the specific docs diff in this PR; thought that would be easiest for someone to read and find the link to!

Comment on lines -66 to -72
- v2 (deprecated, support will end on December 5th, 2024)

The only difference between CodeQL Action v2 and v3 is the version of Node.js on which they run. CodeQL Action v3 runs on Node 20, while CodeQL Action v2 runs on Node 16.

To provide the best experience to customers using older versions of GitHub Enterprise Server, we will continue to release CodeQL Action v2 so that these customers can continue to run the latest version of CodeQL as long as their version of GitHub Enterprise Server is supported. For example CodeQL Action v3.22.11 was the first release of CodeQL Action v3 and is functionally identical to v2.22.11. This approach provides an easy way to track exactly which features are included in different versions by looking at the minor and patch version numbers.

For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."
Contributor

Same thing here as with the changelog note.

Contributor Author

Done

Comment on lines +1074 to +1075
* Check whether a customer is running v1 or v2. If they are, and we can determine that the GitHub
* instance supports v3, then log an error prompting the customer to upgrade to v3.
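Review bot: the doc comment at +1074 to +1075 says the check will "log an error" but does not say whether the run then fails or continues. Since the PR description says the deprecation warning is being converted to an error, state the resulting behavior explicitly here. The comment also hardcodes "v1 or v2" and "v3", which will need editing again at the next major version; wording it in terms of the oldest supported major version would match the PR's stated goal of generalizing the documentation.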
Contributor

Is this actually going to be backported to v2? If not then there's no reason to change this check.

Contributor Author

Oh good point. I think we'll want to then merge this without the change to releases.ini and backport to v2 so that it's the final change to v2, and then as a final step merge the change to releases.ini.

Contributor

I think we'd need to do an actual release, otherwise immutable actions won't pick it up. Maybe that's not necessary since immutable actions is not quite available publicly.

Contributor Author

Oh yeah, sorry, so we'll need to:

  • merge this without the change to releases.ini
  • release (including to the v2 backport)
  • merge the change to releases.ini immediately after

Contributor Author

I removed the change to releases.ini in this PR.

So that our changes can go into `releases/v2`. We will bump `OLDEST_SUPPORTED_MAJOR_VERSION` immediately after the next release.
angelapwen force-pushed the angelapwen/deprecate-action-v2 branch from 287f0ed to 03d5731 January 7, 2025 22:50
nickfyson previously approved these changes Jan 8, 2025
nickfyson left a comment

LGTM, thanks!

Comment on lines +107 to +114
To add a new major version of the Action:

1. Change the `version` field of `package.json` by running `npm version x.y.z` where `x` is the new major version, and `y` and `z` match the latest minor and patch versions of the last release.
1. Update appropriate documentation to explain the reasoning behind the releases: see [the diff](https://github.com/github/codeql-action/pull/2677/commits/913d60579d4b560addf53ec3c493d491dd3c1378) in our last major version deprecation for examples on which parts of the documentation should be updated.
1. Consider the timeline behind deprecating the prior Action version: see [CodeQL Action deprecation documentation](#deprecating-a-codeql-action-major-version-write-access-required)

## Deprecating a CodeQL Action major version (write access required)
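Review bot: step 2 links to a commit URL under `pull/2677/commits/` in this pull request, and the branch has been force-pushed more than once, so that link may stop showing the intended diff if history is rewritten again or the PR is squashed on merge. Point it at the merged commit on `main` once it exists. Also in step 2, "examples on which parts" should read "examples of which parts", and step 3 is missing its closing period.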

Contributor

👍

(it's been a while, so I had to dig through the code to remind myself that manual creation of branch and vN+1 tag was not needed, and it seems that is indeed automatic! :phew:)

Contributor Author

Oh I actually totally forgot about that step 😆 thanks for looking into it and confirming, though!

angelapwen changed the title from "[Do not merge] Deprecate CodeQL Action v2" to "Deprecate CodeQL Action v2" Jan 10, 2025
angelapwen removed the DO NOT MERGE label ("This pull request should not be merged yet") Jan 10, 2025
angelapwen marked this pull request as ready for review January 10, 2025 16:54
angelapwen requested a review from a team as a code owner January 10, 2025 16:54
angelapwen commented Jan 10, 2025

The public changelog blog post is live at https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated and I've added the link to the appropriate places in this PR, so it's now ready for re-review!

(CI will pass once the bundle upgrade PR makes it to the next release)
