Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Python: Don't install deps by default for all users #2031

Merged
merged 14 commits into from
Jan 5, 2024

Conversation

RasmusWL
Copy link
Member

@RasmusWL RasmusWL commented Dec 13, 2023

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

@RasmusWL
Copy link
Member Author

I think we can ignore Swift analysis using a custom build command as a spurious failure 😊

CHANGELOG.md Outdated Show resolved Hide resolved
RasmusWL and others added 2 commits December 13, 2023 20:28
@aeisenberg
Copy link
Contributor

LGTM! I'll avoid approving this until you move this out of draft mode.

@RasmusWL RasmusWL marked this pull request as ready for review January 4, 2024 15:08
@RasmusWL RasmusWL requested a review from a team as a code owner January 4, 2024 15:08
@RasmusWL RasmusWL requested a review from henrymercer January 4, 2024 15:08
Copy link
Contributor

@henrymercer henrymercer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, just a couple of comments.

src/analyze.ts Outdated Show resolved Hide resolved
@@ -6,6 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

## [UNRELEASED]

- We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Non-blocking] Currently we disable Python dependency installation for CodeQL v2.16.0 and later, however the Action supports CodeQL versions all the way back to 2.11.6. Do we plan to keep supporting Python dependency installation for old CLIs in the Action until support for v2.15.5 is deprecated in about a year from now?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had hoped to be able delete the python-setup folder and all the logic for dependency installation soon, but let's discuss this aspect some more 👍

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 We can always start applying this to earlier CLI versions later on. Happy to discuss!

src/init-action.ts Show resolved Hide resolved
@RasmusWL RasmusWL requested a review from henrymercer January 5, 2024 09:24
Copy link
Contributor

@henrymercer henrymercer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, thank you! FYI, if after pushing commits you realize that you forgot to rebuild the Action, you can now apply the "Rebuild" label to have Actions rebuild it for you.

@RasmusWL RasmusWL merged commit 58ff74a into main Jan 5, 2024
317 checks passed
@RasmusWL RasmusWL deleted the rasmuswl/no-dep-inst-default branch January 5, 2024 10:18
@github-actions github-actions bot mentioned this pull request Jan 8, 2024
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants