Merge branch 'main' into henrymercer/remove-action-config-parsing · github/codeql-action@a533ec6 (original) (raw)

19 files changed


@@ -6,6 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
6 6
7 7 ## [UNRELEASED]
8 8
9 +- We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
9 10 - The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
10 11
11 12 ## 3.22.12 - 22 Dec 2023
@@ -12,7 +12,11 @@ import {
12 12 getCodeQL,
13 13 } from "./codeql";
14 14 import * as configUtils from "./config-utils";
15 -import { FeatureEnablement, Feature } from "./feature-flags";
15 +import {
16 +FeatureEnablement,
17 +Feature,
18 +isPythonDependencyInstallationDisabled,
19 +} from "./feature-flags";
16 20 import { isScannedLanguage, Language } from "./languages";
17 21 import { Logger } from "./logging";
18 22 import { DatabaseCreationTimings, EventReport } from "./status-report";
@@ -122,12 +126,7 @@ async function setupPythonExtractor(
122 126 return;
123 127 }
124 128
125 -if (
126 -await features.getValue(
127 -Feature.DisablePythonDependencyInstallationEnabled,
128 -codeql,
129 -)
130 -) {
129 +if (await isPythonDependencyInstallationDisabled(codeql, features)) {
131 130 logger.warning(
132 131 "We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
133 132 "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.",
@@ -48,6 +48,7 @@ export enum Feature {
48 48 CppDependencyInstallation = "cpp_dependency_installation_enabled",
49 49 DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
50 50 DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
51 +PythonDefaultIsToSkipDependencyInstallationEnabled = "python_default_is_to_skip_dependency_installation_enabled",
51 52 EvaluatorFineGrainedParallelismEnabled = "evaluator_fine_grained_parallelism_enabled",
52 53 ExportDiagnosticsEnabled = "export_diagnostics_enabled",
53 54 QaTelemetryEnabled = "qa_telemetry_enabled",
@@ -97,6 +98,15 @@ export const featureConfig: Record<
97 98 minimumVersion: undefined,
98 99 defaultValue: false,
99 100 },
101 +[Feature.PythonDefaultIsToSkipDependencyInstallationEnabled]: {
102 +// we can reuse the same environment variable as above. If someone has set it to
103 +// `true` in their workflow this means dependencies are not installed, setting it to
104 +// `false` means dependencies _will_ be installed. The same semantics are applied
105 +// here!
106 +envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
107 +minimumVersion: "2.16.0",
108 +defaultValue: false,
109 +},
100 110 };
101 111
102 112 /**
@@ -441,3 +451,19 @@ class GitHubFeatureFlags {
441 451 }
442 452 }
443 453 }
454 +
455 +export async function isPythonDependencyInstallationDisabled(
456 +codeql: CodeQL,
457 +features: FeatureEnablement,
458 +): Promise<boolean> {
459 +return (
460 +(await features.getValue(
461 +Feature.DisablePythonDependencyInstallationEnabled,
462 +codeql,
463 +)) |
464 +(await features.getValue(
465 +Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
466 +codeql,
467 +))
468 +);
469 +}
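Review bot: The two `getValue` results in `isPythonDependencyInstallationDisabled` are joined with a single bitwise `|`, which on booleans produces the number 0 or 1 rather than the `boolean` promised by the `Promise<boolean>` return type, and under strict checking the compiler rejects `|` on boolean operands and suggests `||`; unless the page dropped a character, the line should read `)) ||`. Using `||` also short-circuits, so the second feature lookup is skipped once the explicit opt-out flag is already set. Since this helper is now the single decision point for the Python dependency-installation behaviour in both `analyze.ts` and `init-action.ts`, a doc comment would help callers, e.g. `/** True when either the explicit opt-out flag or the skip-by-default flag is enabled. */`. The new `featureConfig` entry deliberately shares `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` with the existing flag, so one workflow variable overrides both; the inline comment explains this, but it is worth restating in the helper's comment so the coupling is not lost when one of the flags is removed.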
@@ -16,7 +16,11 @@ import { getGitHubVersion } from "./api-client";
16 16 import { CodeQL } from "./codeql";
17 17 import * as configUtils from "./config-utils";
18 18 import { EnvVar } from "./environment";
19 -import { Feature, Features } from "./feature-flags";
19 +import {
20 +Feature,
21 +Features,
22 +isPythonDependencyInstallationDisabled,
23 +} from "./feature-flags";
20 24 import {
21 25 checkInstallPython311,
22 26 initCodeQL,
@@ -289,12 +293,7 @@ async function run() {
289 293 config.languages.includes(Language.python) &&
290 294 getRequiredInput("setup-python-dependencies") === "true"
291 295 ) {
292 -if (
293 -await features.getValue(
294 -Feature.DisablePythonDependencyInstallationEnabled,
295 -codeql,
296 -)
297 -) {
296 +if (await isPythonDependencyInstallationDisabled(codeql, features)) {
298 297 logger.info("Skipping python dependency installation");
299 298 } else {
300 299 try {
@@ -442,16 +441,18 @@ async function run() {
442 441 }
443 442
444 443 // Disable Python dependency extraction if feature flag set
445 -if (
446 -await features.getValue(
447 -Feature.DisablePythonDependencyInstallationEnabled,
448 -codeql,
449 -)
450 -) {
444 +if (await isPythonDependencyInstallationDisabled(codeql, features)) {
451 445 core.exportVariable(
452 446 "CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION",
453 447 "true",
454 448 );
449 +} else {
450 +// From 2.16.0 the default for the python extractor is to not perform any library
451 +// extraction, so we need to set this flag to enable it.
452 +core.exportVariable(
453 +"CODEQL_EXTRACTOR_PYTHON_FORCE_ENABLE_LIBRARY_EXTRACTION_UNTIL_2_17_0",
454 +"true",
455 +);
455 456 }
456 457
457 458 const sourceRoot = path.resolve(
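Review bot: The new `else` branch exports `CODEQL_EXTRACTOR_PYTHON_FORCE_ENABLE_LIBRARY_EXTRACTION_UNTIL_2_17_0=true` on every run where installation is not disabled, with no visible check that Python is one of `config.languages`, unlike the guard used earlier in this file at line 293; `run()` starts outside the hunk, so an enclosing condition may exist, but if not the variable leaks into non-Python analyses and the branch should be wrapped in `if (config.languages.includes(Language.python)) {`. The variable name encodes an expiry, so a maintenance marker such as `// TODO: remove once the minimum supported CodeQL version is 2.17.0` next to the comment on line 450 would make the temporary nature explicit. It is also worth noting in that comment that the flag is only expected to matter for CodeQL 2.16.0 and later, matching the `minimumVersion` of the new feature, so a reader does not assume it changes behaviour on older versions.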