Bump Action version to 2.20.0 #1729

Merged
merged 2 commits into from
Jun 13, 2023

angelapwen (Contributor) commented Jun 13, 2023

Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to cdcdbb5, which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action.

  • The CodeQL Action repository contains a series of tags v* corresponding to versions of the CodeQL Action. However it also contains a series of tags codeql-bundle-* that correspond to versions of the CodeQL Bundle, an artifact that contains the CodeQL CLI and the standard CodeQL libraries.
  • In CodeQL CLI version 2.13.4, we changed the format of the CodeQL Bundle tag from a date, for example codeql-bundle-20230613, to a semantic version, for example codeql-bundle-v2.13.4. This inadvertently sent out Dependabot PRs that upgraded users from v2.3.6 to codeql-bundle-v2.13.4.
  • To ensure that users who merged this Dependabot upgrade continue to receive correct updates to the CodeQL Action, we are bumping the Action version to make it greater than 2.13.4. We chose version 2.20.0 to help avoid confusion between the version numbers of the CodeQL Action and the CodeQL CLI.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

@angelapwen angelapwen marked this pull request as ready for review June 13, 2023 17:07
@angelapwen angelapwen requested a review from a team as a code owner June 13, 2023 17:07
@angelapwen angelapwen enabled auto-merge (squash) June 13, 2023 17:18
@angelapwen angelapwen disabled auto-merge June 13, 2023 17:31
@angelapwen angelapwen enabled auto-merge (squash) June 13, 2023 17:37
@angelapwen angelapwen merged commit d5b7b38 into main Jun 13, 2023
@angelapwen angelapwen deleted the bump-to-2.20.0 branch June 13, 2023 17:46
@github-actions github-actions bot mentioned this pull request Jun 13, 2023
6 tasks
@mbg mbg mentioned this pull request Jun 13, 2023
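
The tag mix-up described in this PR, as an added example (not code from the CodeQL Action or from Dependabot): a minimal model of choosing an upgrade from a repository's tags, with and without checking the tag prefix. The prefix-blind comparison is an assumption about how the mistaken upgrade came to be selected, and `v2.3.7` is a constructed tag; every other tag name is taken from the description above.

```javascript
// Added example. "v2.3.7" is a constructed tag; the other tags appear in the PR text.
// Parse "<prefix>X.Y.Z"; date-style tags such as codeql-bundle-20230613 yield null.
function parseTag(tag) {
  const m = /^(.*?)(\d+)\.(\d+)\.(\d+)$/.exec(tag);
  return m ? { tag, prefix: m[1], version: m.slice(2, 5).map(Number) } : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i]; // numeric, so 13 > 3
  }
  return 0;
}

// Newest tag strictly newer than `current`, or null when there is none.
// samePrefixOnly=false is the prefix-blind model (an assumption, see lead-in).
function pickUpgrade(current, tags, samePrefixOnly) {
  const cur = parseTag(current);
  if (!cur) return null;
  let best = null;
  for (const t of tags.map(parseTag).filter(Boolean)) {
    if (samePrefixOnly && t.prefix !== cur.prefix) continue;
    if (compareVersions(t.version, cur.version) <= 0) continue;
    if (!best || compareVersions(t.version, best.version) > 0) best = t;
  }
  return best ? best.tag : null;
}

function scenarios() {
  const atRename = ["v2.3.6", "codeql-bundle-20230613", "codeql-bundle-v2.13.4"];
  const nextPatch = [...atRename, "v2.3.7"]; // constructed follow-up release
  const afterBump = [...atRename, "v2.20.0"];
  return {
    mistakenUpgrade: pickUpgrade("v2.3.6", atRename, false),
    prefixAware: pickUpgrade("v2.3.6", atRename, true),
    strandedOnPatch: pickUpgrade("codeql-bundle-v2.13.4", nextPatch, false),
    rescuedByBump: pickUpgrade("codeql-bundle-v2.13.4", afterBump, false),
    prefixAwareAfterBump: pickUpgrade("codeql-bundle-v2.13.4", afterBump, true),
  };
}

console.log(scenarios());
```

In this model a workflow already pinned to `codeql-bundle-v2.13.4` sees no newer `v*` tag until one exceeds 2.13.4, and a prefix-aware updater would never move it back onto the `v*` series at all.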