Enable a controlled switchover between CodeQL releases #1475

Merged 29 commits, Jan 19, 2023
29 commits
cdb9019
Support determining Dotcom CLI version from feature flags
henrymercer Jan 5, 2023
a6dff04
Ignore default version flags with invalid version numbers
henrymercer Jan 5, 2023
a76fe4f
Enable mapping from CLI version to bundle tag name
henrymercer Jan 6, 2023
bd2f52f
Move CodeQL setup to its own file
henrymercer Jan 9, 2023
c3be36f
Use new default version to set up CodeQL
henrymercer Jan 10, 2023
23d151d
Add test for using default version with no requested URL on Dotcom
henrymercer Jan 10, 2023
2f7b9a1
Differentiate `setupCodeql.setupCodeQL` from `codeql.setupCodeQL`
henrymercer Jan 11, 2023
e8c12e1
Add a debug log for the feature flag API response
henrymercer Jan 11, 2023
648838c
Allow using a `x.y.z-yyyymmdd` toolcache version for CLI `x.y.z`.
henrymercer Jan 12, 2023
1eeb9df
Remove dead code
henrymercer Jan 12, 2023
a89ad76
Expand note about defaults.json compatibility
henrymercer Jan 12, 2023
31c7ce1
Add doc describing CLI version marker files
henrymercer Jan 12, 2023
9578699
Merge branch 'main' into henrymercer/controlled-switchover
henrymercer Jan 12, 2023
28f827a
Add changelog notes
henrymercer Jan 12, 2023
c9b1be5
Bump version to 2.2.0
henrymercer Jan 12, 2023
c2e39e0
Cache explicitly requested bundles with their URL if possible
henrymercer Jan 12, 2023
33206d2
Include the bundle version in the toolcache version number
henrymercer Jan 12, 2023
0be20e5
Use the CLI version when caching the bundle in telemetry too
henrymercer Jan 12, 2023
12998b7
Convert logger call to debug
henrymercer Jan 13, 2023
13cdac3
Improve changelog notes
henrymercer Jan 13, 2023
eca06a5
Further improve changelog notes
henrymercer Jan 13, 2023
ac7e4d7
Improve changelog note some more
henrymercer Jan 16, 2023
115587a
Merge branch 'main' into henrymercer/controlled-switchover
henrymercer Jan 16, 2023
b660a38
Address review comments
henrymercer Jan 16, 2023
a5b44c1
Add a sentence on recommended practices for using the CLI
henrymercer Jan 16, 2023
5f1362d
Merge branch 'main' into henrymercer/controlled-switchover
henrymercer Jan 18, 2023
8a4abfd
Support `cli-version-x.y.z-pre.txt` marker files
henrymercer Jan 18, 2023
3d62f02
Update changelog note
henrymercer Jan 18, 2023
9012214
Merge branch 'main' into henrymercer/controlled-switchover
henrymercer Jan 18, 2023
8 changes: 6 additions & 2 deletions CHANGELOG.md
Expand Up @@ -2,8 +2,12 @@

## [UNRELEASED]

- The default version of the CodeQL tools when running the CodeQL Action on github.com will now be more stable during the release of new GitHub Actions runner images. This will prevent fluctuations in code scanning alerts while a new runner image release rolls out to GitHub-hosted Actions runners. [#1475](https://github.com/github/codeql-action/pull/1475).
- Upcoming versions of the GitHub Actions runner images will include a change to the layout of the CodeQL tools within the Actions toolcache. Specifically, the Actions toolcache will be pre-populated with the latest two versions of the CodeQL tools, rather than just the latest CodeQL tools. The version number of the CodeQL tools within the toolcache will also change to incorporate the version number of the corresponding release of the CodeQL CLI. Users should continue to avoid depending on the layout of the CodeQL tools within the toolcache, as this may change without warning in the future.
- Code scanning alerts will now be more stable during the release of new GitHub Actions runner images for customers running the CodeQL Action on github.com. [#1475](https://github.com/github/codeql-action/pull/1475).
- To accomplish this, the internal layout of the GitHub Actions tool cache has changed. This will affect a minority of customers as follows.
- Customers with workflows on github.com that are pinned to specific old versions of the CodeQL Action (e.g. `v2.1.32`) will no longer obtain the newest version of CodeQL from the tool cache, and will instead download a compatible older version of CodeQL from GitHub Releases. To continue using the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (`v2`).
- Customers directly interacting with the GitHub Actions tool cache directly, for example via the `@actions/tool-cache` npm package or directly on the filesystem of a GitHub Actions runner, may need to update their workflows to take into account the following changes:
1. On GitHub-hosted Actions runners, the tool cache is now pre-populated with two versions, rather than one version, of the CodeQL bundle.
2. The version numbering of each CodeQL bundle within the tool cache has changed to include the version number of the CodeQL CLI associated with that bundle, for example the bundle containing CodeQL CLI 2.11.6 is now versioned as `2.11.6-20221211` within the tool cache rather than `0.0.0-20221211`.

## 2.1.38 - 12 Jan 2023
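Review bot: The second sub-bullet of the added text reads "Customers directly interacting with the GitHub Actions tool cache directly", duplicating "directly"; drop one of them. The rewrite also loses the old entry's explicit caveat that users "should continue to avoid depending on the layout of the CodeQL tools within the toolcache, as this may change without warning in the future", which is exactly the guidance customers hit by change 1 and 2 need; consider keeping that sentence after the numbered list.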

2 changes: 1 addition & 1 deletion lib/setup-codeql.js
2 changes: 1 addition & 1 deletion src/setup-codeql.ts
Expand Up @@ -153,7 +153,7 @@ export async function tryFindCliVersionDotcomOnly(
});
return tryGetCodeQLCliVersionForRelease(release.data, logger);
} catch (e) {
logger.error(
logger.debug(
`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. Error: ${
e instanceof Error ? e.message : e
}`
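Review bot: Downgrading this catch-all from `logger.error` to `logger.debug` makes a failure to resolve the CLI version for `${tagName}` invisible in default run output; since this is a `try...` helper the silent fallback is presumably intended, but the debug message should state what happens next (which bundle or version the action falls back to) so that someone investigating an unexpected download from GitHub Releases can connect the two events. At debug level there is also no reason to reduce the error to `e.message`; logging the error object itself keeps the stack trace, which is the one piece of information that distinguishes an API failure from a parsing failure here.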