Skip to content

Update deprecation warnings for CodeQL Action to v4 #3272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Update deprecation warnings for CodeQL Action to v4 #3272

wants to merge 9 commits into from
+44 −36

Conversation

@mario-campos
Copy link
Contributor

@mario-campos mario-campos commented Nov 4, 2025
edited
Loading

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

  • Advanced setup - Impacts users who have custom workflows.
  • GHES - Impacts GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.
  • Other - Feedback

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@github-actions github-actions bot added the size/XS Should be very easy to review label Nov 4, 2025
@github-actions github-actions bot added size/S Should be easy to review and removed size/XS Should be very easy to review labels Nov 4, 2025
@mario-campos
Copy link
Contributor Author

mario-campos commented Nov 4, 2025
edited
Loading

@henrymercer, could you review this PR? I've got some failing checks and I'm honestly stumped—Copilot wasn't much help either.

util › checkActionVersion reports error for CodeQL Action version 2.2.1 and GitHub version GHES 3.11
...
util › checkActionVersion reports error for CodeQL Action version 2.2.1 and GitHub version GHES 3.12

It seems to consistently fail for these two sets of versions 🤔

Edit: Nevermind

@mario-campos mario-campos marked this pull request as ready for review November 4, 2025 17:45
@mario-campos mario-campos requested a review from a team as a code owner November 4, 2025 17:45
Copilot AI review requested due to automatic review settings November 4, 2025 17:45
mbg
mbg reviewed Nov 4, 2025
View reviewed changes
Copilot AI reviewed Nov 4, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the CodeQL Action version deprecation warning from v3 to v4. The changes prepare users for the upcoming deprecation of CodeQL Action v3 by updating version checks, error messages, and minimum supported GHES version requirements.

  • Updates version check logic to warn users running v1, v2, or v3 to upgrade to v4
  • Changes minimum GHES version requirement from 3.11 to 3.20 for v4 support
  • Updates deprecation message and changelog URL

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

File Description
src/util.ts Updated checkActionVersion function to check for v4 instead of v3, changed GHES minimum version to 3.20, and updated deprecation message
src/util.test.ts Added test cases for v3 and v4 version checks with various GHES versions, updated expected error message
lib/*.js Generated JavaScript files reflecting the TypeScript changes (auto-generated, not reviewed per guidelines)
CHANGELOG.md Documented the new v3 to v4 migration warning

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mbg mbg mbg left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/S Should be easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mario-campos @mbg