Merge pull request #1730 from github/update-v2.20.0-d5b7b3823

Merge main into releases/v2

CHANGELOG.md

@@ -1,8 +1,8 @@
 # CodeQL Action Changelog
 
-## [UNRELEASED]
+## 2.20.0 - 13 Jun 2023
 
-No user facing changes.
+- Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to [`cdcdbb5`](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a), which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in [#1729](https://github.com/github/codeql-action/pull/1729)
 
 ## 2.3.6 - 01 Jun 2023
 

lib/analyze.js

@@ -54,7 +54,7 @@ async function setupPythonExtractor(logger, features, codeql) {
         // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
         return;
     }
-    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
         logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
             "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
         return;

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.9", "minimumVersion": "3.5" }
+{ "maximumVersion": "3.10", "minimumVersion": "3.6" }

lib/feature-flags.js

@@ -36,11 +36,11 @@ var Feature;
 (function (Feature) {
     Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
+    Feature["DisablePythonDependencyInstallationEnabled"] = "disable_python_dependency_installation_enabled";
     Feature["ExportCodeScanningConfigEnabled"] = "export_code_scanning_config_enabled";
     Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
     Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
     Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
-    Feature["DisablePythonDependencyInstallation"] = "disable_python_dependency_installation";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
     [Feature.DisableKotlinAnalysisEnabled]: {
@@ -73,7 +73,7 @@ exports.featureConfig = {
         minimumVersion: "2.11.3",
         defaultValue: true,
     },
-    [Feature.DisablePythonDependencyInstallation]: {
+    [Feature.DisablePythonDependencyInstallationEnabled]: {
         envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
         // Although the python extractor only started supporting not extracting installed
         // dependencies in 2.13.1, the init-action can still benefit from not installing

lib/init-action.js

@@ -136,7 +136,7 @@ async function run() {
         (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(), (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME, (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), codeql, (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), gitHubVersion, apiDetails, features, logger);
         if (config.languages.includes(languages_1.Language.python) &&
             (0, actions_util_1.getRequiredInput)("setup-python-dependencies") === "true") {
-            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
                 logger.info("Skipping python dependency installation");
             }
             else {
@@ -176,7 +176,7 @@ async function run() {
             core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
         }
         // Disable Python dependency extraction if feature flag set
-        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
             core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
         }
         const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.3.7",
+  "version": "2.20.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.3.7",
+  "version": "2.20.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.3.7",
+      "version": "2.20.0",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.3.7",
+  "version": "2.20.0",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

src/analyze.ts

@@ -92,7 +92,10 @@ async function setupPythonExtractor(
   }
 
   if (
-    await features.getValue(Feature.DisablePythonDependencyInstallation, codeql)
+    await features.getValue(
+      Feature.DisablePythonDependencyInstallationEnabled,
+      codeql
+    )
   ) {
     logger.warning(
       "We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +

src/api-compatibility.json

@@ -1 +1 @@
-{"maximumVersion": "3.9", "minimumVersion": "3.5"}
+{"maximumVersion": "3.10", "minimumVersion": "3.6"}

src/feature-flags.ts

@@ -39,11 +39,11 @@ export interface FeatureEnablement {
 export enum Feature {
   CliConfigFileEnabled = "cli_config_file_enabled",
   DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
+  DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
   ExportCodeScanningConfigEnabled = "export_code_scanning_config_enabled",
   ExportDiagnosticsEnabled = "export_diagnostics_enabled",
   MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
   UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
-  DisablePythonDependencyInstallation = "disable_python_dependency_installation",
 }
 
 export const featureConfig: Record<
@@ -81,7 +81,7 @@ export const featureConfig: Record<
     minimumVersion: "2.11.3",
     defaultValue: true,
   },
-  [Feature.DisablePythonDependencyInstallation]: {
+  [Feature.DisablePythonDependencyInstallationEnabled]: {
     envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
     // Although the python extractor only started supporting not extracting installed
     // dependencies in 2.13.1, the init-action can still benefit from not installing

src/init-action.ts

@@ -279,7 +279,7 @@ async function run() {
     ) {
       if (
         await features.getValue(
-          Feature.DisablePythonDependencyInstallation,
+          Feature.DisablePythonDependencyInstallationEnabled,
           codeql
         )
       ) {
@@ -343,7 +343,7 @@ async function run() {
     // Disable Python dependency extraction if feature flag set
     if (
       await features.getValue(
-        Feature.DisablePythonDependencyInstallation,
+        Feature.DisablePythonDependencyInstallationEnabled,
         codeql
       )
     ) {