-
Notifications
You must be signed in to change notification settings - Fork 335
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Python: Don't install deps by default for all users #2031
Conversation
I think we can ignore |
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
LGTM! I'll avoid approving this until you move this out of draft mode. |
To make it more clear what feature is being removed in the future
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great, just a couple of comments.
@@ -6,6 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the | |||
|
|||
## [UNRELEASED] | |||
|
|||
- We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[Non-blocking] Currently we disable Python dependency installation for CodeQL v2.16.0 and later, however the Action supports CodeQL versions all the way back to 2.11.6. Do we plan to keep supporting Python dependency installation for old CLIs in the Action until support for v2.15.5 is deprecated in about a year from now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had hoped to be able delete the python-setup
folder and all the logic for dependency installation soon, but let's discuss this aspect some more 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 We can always start applying this to earlier CLI versions later on. Happy to discuss!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great, thank you! FYI, if after pushing commits you realize that you forgot to rebuild the Action, you can now apply the "Rebuild" label to have Actions rebuild it for you.
Merge / deployment checklist