Context for previous version is
https://github.com/github/codeql-action/pull/862
Locally, I was able to install `20.15.1` with Python2.
I don't see any reason why python3 version should be restricted.
As previously written, if codeql finds a `Pipfile`, but no `Pipfile.lock`, it will run `pipenv install` with args that require `Pipfile.lock` to exist. Pipfile will fail with this message:
```
Usage: python -m pipenv install [OPTIONS] [PACKAGES]...
ERROR:: Pipfile.lock must exist to use --keep-outdated!
package installation with pipenv failed, see error above
```
This changeset enables auto_install to work with Pipfile when there is no lock. (Bonus: `--skip-lock` is generally a bit faster.)
When the script is executed on a runner which does not have python2, the script incorrectly executes the code inside the if condition. This script runs using /bin/sh in Ubuntu, which causes the problem. The fix for this issue is to use a different syntax in output redirection.
The issue is reproduced by running the job on an Ubuntu container. The fix is also verified in the action https://github.com/cdivitotawela/codeql-issue/actions/runs/2038007502
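The failure mode described in the commit message above, as an added illustration that is not code from the codeql-action repository. It assumes the redirection in question was the bash-only `&>` form; the function names and the absent-tool name are constructed for the example.

```shell
#!/bin/sh
# Added illustration, not the repository's install_tools.sh.
# Assumption: the original check used the bash-only "&>" redirection.

# Portable presence check: plain POSIX redirection, safe under dash and bash.
has_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Run the bash-only form under shell $1, probing for command $2.
# A POSIX shell such as dash reads "cmd &> /dev/null" as "cmd &" (started in
# the background) followed by "> /dev/null" (an empty command, status 0),
# so the `if` branch is taken even when the command does not exist.
bashism_result() {
    "$1" -c 'if command -v "$1" &> /dev/null; then echo found; else echo missing; fi' probe "$2"
}

# Same probe with the portable redirection.
portable_result() {
    "$1" -c 'if command -v "$1" >/dev/null 2>&1; then echo found; else echo missing; fi' probe "$2"
}

# Constructed name that is not expected to exist on any runner.
ABSENT=python2-constructed-absent-tool

# Print, for each shell present, what each form of the check concludes.
compare_shells() {
    for shell in sh dash bash; do
        has_cmd "$shell" || continue
        printf '%-5s bashism=%s portable=%s\n' "$shell" \
            "$(bashism_result "$shell" "$ABSENT")" \
            "$(portable_result "$shell" "$ABSENT")"
    done
}

compare_shells
```

Running a script through a linter that flags bash-only constructs in `#!/bin/sh` files catches this class of problem before it reaches a runner.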
The requests module 1.2.3 is no longer compatible with python >=3.10.0.
So, instead use 2.26.0, the most recent version that is compatible with
our supported python versions at the time of this commit.
This URL changed upstream. Fix it by using the same upstream URL as the LGTM Python image.
We can revisit separately whether to drop the Python 2 pip installation entirely.
In the README of this repo, it's suggested to use the `ubuntu-latest` environment.
That environment will soon be upgraded to Ubuntu 20.04: https://github.com/actions/virtual-environments/issues/1816
As pointed out in that issue, the updated image comes without a Python 2 pip preinstalled:
```
Setup Python dependencies
/home/runner/work/_actions/github/codeql-action/v1/python-setup/install_tools.sh
[...]
+ python2 -m pip install --user --upgrade pip setuptools wheel
/usr/bin/python2: No module named pip
Warning: Unable to download and extract the tools needed for installing the python dependecies. You can call this action with 'setup-python-dependencies: false' to disable this process.
```