Skip to content

Commit

Permalink
Update changelog note
Browse files Browse the repository at this point in the history
  • Loading branch information
henrymercer committed Jan 18, 2023
1 parent 8a4abfd commit 3d62f02
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,10 @@
- **A change may be required** for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before `v2.2.0` (e.g. `v2.1.32`):
- Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.
- Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (`v2`).
- **Advanced users only**: Workflows that interact directly with the GitHub Actions runner image tool cache to find CodeQL, for example via the `@actions/tool-cache` npm package or direct access to the filesystem, should take into account the following internal layout changes:
- Previously, the tool cache was pre-populated with _one_ recent version of CodeQL. Now, it is pre-populated with _two_ recent versions of CodeQL.
- Previously, the CodeQL tools were located within the tool cache under a directory named after the release date, e.g. CodeQL 2.11.6 was located under `CodeQL/0.0.0-20221211/x64/codeql`. Now, the CodeQL tools are located under a directory named after the CodeQL CLI version number and release date, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql`.

Where possible, we recommend downloading and managing the CodeQL CLI via the [CodeQL extension for the GitHub CLI](https://github.com/github/gh-codeql) or [GitHub Releases](https://github.com/github/codeql-cli-binaries/releases) rather than using the CodeQL tools from the runner image tool cache.
- **Internal changes**
- These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache.
- The tool cache now contains **two** recent CodeQL versions (previously **one**).
- Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`).
- Python automatic dependency installation will no longer fail for projects using Poetry that specify `virtualenvs.options.no-pip = true` in their `poetry.toml`. [#1431](https://github.com/github/codeql-action/pull/1431).
- Avoid printing a stack trace and error message when the action fails to find the SHA at the
current directory. This will happen in several non-error states and so we now avoid cluttering the
Expand Down

0 comments on commit 3d62f02

Please sign in to comment.