Merge pull request #2031 from github/rasmuswl/no-dep-inst-default · github/codeql-action@58ff74a (original) (raw)

10 files changed

lines changed

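--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 
 ## [UNRELEASED]
 
+- We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
 - The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
 
 ## 3.22.12 - 22 Dec 2023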
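--- a/src/analyze.ts
+++ b/src/analyze.ts
@@ -18,6 +18,7 @@ import {
   Feature,
   logCodeScanningConfigInCli,
   useCodeScanningConfigInCli,
+  isPythonDependencyInstallationDisabled,
 } from "./feature-flags";
 import { isScannedLanguage, Language } from "./languages";
 import { Logger } from "./logging";
@@ -104,12 +105,7 @@ async function setupPythonExtractor(
     return;
   }
 
-  if (
-    await features.getValue(
-      Feature.DisablePythonDependencyInstallationEnabled,
-      codeql,
-    )
-  ) {
+  if (await isPythonDependencyInstallationDisabled(codeql, features)) {
     logger.warning(
       "We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
       "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.",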
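--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@@ -49,6 +49,7 @@ export enum Feature {
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
   DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
+  PythonDefaultIsToSkipDependencyInstallationEnabled = "python_default_is_to_skip_dependency_installation_enabled",
   EvaluatorFineGrainedParallelismEnabled = "evaluator_fine_grained_parallelism_enabled",
   ExportDiagnosticsEnabled = "export_diagnostics_enabled",
   QaTelemetryEnabled = "qa_telemetry_enabled",
@@ -103,6 +104,15 @@ export const featureConfig: Record<
     minimumVersion: undefined,
     defaultValue: false,
   },
+  [Feature.PythonDefaultIsToSkipDependencyInstallationEnabled]: {
+    // we can reuse the same environment variable as above. If someone has set it to
+    // `true` in their workflow this means dependencies are not installed, setting it to
+    // `false` means dependencies _will_ be installed. The same semantics are applied
+    // here!
+    envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
+    minimumVersion: "2.16.0",
+    defaultValue: false,
+  },
 };
 
 /**
@@ -474,3 +484,19 @@ export async function logCodeScanningConfigInCli(
     );
   }
 }
+
+export async function isPythonDependencyInstallationDisabled(
+  codeql: CodeQL,
+  features: FeatureEnablement,
+): Promise<boolean> {
+  return (
+    (await features.getValue(
+      Feature.DisablePythonDependencyInstallationEnabled,
+      codeql,
+    )) |
+    (await features.getValue(
+      Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+      codeql,
+    ))
+  );
+}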
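Review bot: `isPythonDependencyInstallationDisabled` joins the two flag lookups with the bitwise `|` (the `)) |` line), so the expression evaluates to the number 0 or 1 rather than the declared `boolean`, and the second `features.getValue` call always runs even when the first flag is already true. The logical operator is what is meant here: change `)) |` to `)) ||`, which short-circuits the second lookup and keeps the `Promise<boolean>` contract honest. Because both features are configured with the same `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` override, the exported helper should also carry a doc comment spelling out the merged semantics, e.g. `/** True when Python dependency installation is disabled, either by the explicit disable flag or by the skip-by-default flag (minimum CodeQL 2.16.0); both honour the same env var override. */`.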
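--- a/src/init-action.ts
+++ b/src/init-action.ts
@@ -16,7 +16,11 @@ import { getGitHubVersion } from "./api-client";
 import { CodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
 import { EnvVar } from "./environment";
-import { Feature, Features } from "./feature-flags";
+import {
+  Feature,
+  Features,
+  isPythonDependencyInstallationDisabled,
+} from "./feature-flags";
 import {
   checkInstallPython311,
   initCodeQL,
@@ -293,12 +297,7 @@ async function run() {
       config.languages.includes(Language.python) &&
       getRequiredInput("setup-python-dependencies") === "true"
     ) {
-      if (
-        await features.getValue(
-          Feature.DisablePythonDependencyInstallationEnabled,
-          codeql,
-        )
-      ) {
+      if (await isPythonDependencyInstallationDisabled(codeql, features)) {
         logger.info("Skipping python dependency installation");
       } else {
         try {
@@ -446,16 +445,18 @@ async function run() {
     }
 
     // Disable Python dependency extraction if feature flag set
-    if (
-      await features.getValue(
-        Feature.DisablePythonDependencyInstallationEnabled,
-        codeql,
-      )
-    ) {
+    if (await isPythonDependencyInstallationDisabled(codeql, features)) {
       core.exportVariable(
         "CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION",
         "true",
       );
+    } else {
+      // From 2.16.0 the default for the python extractor is to not perform any library
+      // extraction, so we need to set this flag to enable it.
+      core.exportVariable(
+        "CODEQL_EXTRACTOR_PYTHON_FORCE_ENABLE_LIBRARY_EXTRACTION_UNTIL_2_17_0",
+        "true",
+      );
     }
 
     const sourceRoot = path.resolve(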
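Review bot: The comment `// Disable Python dependency extraction if feature flag set` no longer describes this block, because the new `else` branch actively forces library extraction on via `CODEQL_EXTRACTOR_PYTHON_FORCE_ENABLE_LIBRARY_EXTRACTION_UNTIL_2_17_0`, and it does so for every workflow, including ones that do not analyze Python and ones on a CodeQL CLI older than 2.16.0, where it is presumably a no-op that the hunk does not demonstrate. I would rewrite the comment as `// Python library extraction: disable it when the feature is on; otherwise force it on, since from CodeQL 2.16.0 the extractor skips it by default` and, to keep the exported environment minimal, consider guarding the whole `if`/`else` with `if (config.languages.includes(Language.python))`, mirroring the check the earlier hunk in this section uses for dependency installation. The `UNTIL_2_17_0` suffix suggests the CLI will stop honouring this override; a `// TODO: remove the else branch once the Action requires the CLI version that drops this variable` note would tell the next maintainer when the fallback path goes dead. `run()` starts and ends outside this hunk.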