diff --git a/CHANGELOG.md b/CHANGELOG.md index bb4d0129e5..b023f376bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/). ## 4.31.2 - 30 Oct 2025 diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 04fac76278..07eeb5eb3b 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -87413,14 +87413,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 94f3208a99..298f50dbcd 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83157,14 +83157,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/init-action.js b/lib/init-action.js index 9cd3723250..456989a4ab 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84734,14 +84734,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 4f6d48f3f9..03a9bf9e29 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -83169,14 +83169,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 18b293b2a8..b7e7ec6ca3 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83245,14 +83245,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index f927d490f9..65e75b23f7 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86065,14 +86065,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/src/util.test.ts b/src/util.test.ts index 0e3adc8f7e..03d7d89ec2 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -447,13 +447,21 @@ const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> = ["2.2.1", { type: util.GitHubVariant.DOTCOM }, true], ["2.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true], ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false], - ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, true], - ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, true], - ["3.2.1", { type: util.GitHubVariant.DOTCOM }, false], - ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false], + ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false], + ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false], + ["3.2.1", { type: util.GitHubVariant.DOTCOM }, true], + ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false], + ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.19" }, false], + ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.20" }, true], + ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.21" }, true], + ["4.2.1", { type: util.GitHubVariant.DOTCOM }, false], + ["4.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false], + ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.19" }, false], + ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.20" }, false], + ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.21" }, false], ]; for (const [ @@ -480,9 +488,7 @@ for (const [ if (shouldReportError) { t.true( warningSpy.calledOnceWithExactly( - sinon.match( - "CodeQL Action major versions v1 and v2 have been deprecated.", - ), + sinon.match("CodeQL Action v3 will be deprecated in December 2026."), ), ); } else { diff --git a/src/util.ts b/src/util.ts index 96ea0f9da2..7136119c5a 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1114,38 +1114,38 @@ export async function checkDiskUsage( } /** - * Prompt the customer to upgrade to CodeQL Action v3, if appropriate. + * Prompt the customer to upgrade to CodeQL Action v4, if appropriate. * - * Check whether a customer is running v1 or v2. If they are, and we can determine that the GitHub - * instance supports v3, then log an error prompting the customer to upgrade to v3. + * Check whether a customer is running v3. If they are, and we can determine that the GitHub + * instance supports v4, then log an error prompting the customer to upgrade to v4. */ export function checkActionVersion( version: string, githubVersion: GitHubVersion, ) { if ( - !semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + !semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env[EnvVar.LOG_VERSION_DEPRECATION] // do not log error if we have already ) { - // Only error for versions of GHES that are compatible with CodeQL Action version 3. + // Only error for versions of GHES that are compatible with CodeQL Action version 4. // - // GHES 3.11 shipped without the v3 tag, but it also shipped without this warning message code. - // Therefore users who are seeing this warning message code have pulled in a new version of the - // Action, and with it the v3 tag. + // GHES 3.20 is the first version to ship with the v4 tag and this warning message code. + // Therefore, users who are seeing this warning message code are running on GHES 3.20 or newer, + // and should update to CodeQL Action v4. if ( githubVersion.type === GitHubVariant.DOTCOM || githubVersion.type === GitHubVariant.GHE_DOTCOM || (githubVersion.type === GitHubVariant.GHES && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11", + ">=3.20", )) ) { core.error( - "CodeQL Action major versions v1 and v2 have been deprecated. " + - "Please update all occurrences of the CodeQL Action in your workflow files to v3. " + + "CodeQL Action v3 will be deprecated in December 2026. " + + "Please update all occurrences of the CodeQL Action in your workflow files to v4. " + "For more information, see " + - "https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/", + "https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", ); // set LOG_VERSION_DEPRECATION env var to prevent the warning from being logged multiple times core.exportVariable(EnvVar.LOG_VERSION_DEPRECATION, "true");