From 1aade295bc05b887c74db29238a4a6a6830afabd Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 09:59:16 -0600 Subject: [PATCH 01/12] Update deprecation warnings for CodeQL Action to v4 --- lib/analyze-action.js | 6 +++--- lib/autobuild-action.js | 6 +++--- lib/init-action.js | 6 +++--- lib/resolve-environment-action.js | 6 +++--- lib/setup-codeql-action.js | 6 +++--- lib/upload-sarif-action.js | 6 +++--- src/util.ts | 24 ++++++++++++------------ 7 files changed, 30 insertions(+), 30 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 1751b03359..9e0d30df7d 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -87413,14 +87413,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 58190c45d9..b32b9311a0 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83157,14 +83157,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/init-action.js b/lib/init-action.js index a3b4cf1f56..7cff5a38d0 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84734,14 +84734,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 026a624249..3c5558a6ca 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -83169,14 +83169,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 265caf361c..c22940852a 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83245,14 +83245,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index db4a464eb1..d0e2be8ccf 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86065,14 +86065,14 @@ async function checkDiskUsage(logger) { } } function checkActionVersion(version, githubVersion) { - if (!semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + if (!semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env["CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */]) { if (githubVersion.type === 0 /* DOTCOM */ || githubVersion.type === 2 /* GHE_DOTCOM */ || githubVersion.type === 1 /* GHES */ && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11" + ">=3.20" )) { core3.error( - "CodeQL Action major versions v1 and v2 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/" + "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/src/util.ts b/src/util.ts index 96ea0f9da2..7f58c18609 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1114,38 +1114,38 @@ export async function checkDiskUsage( } /** - * Prompt the customer to upgrade to CodeQL Action v3, if appropriate. + * Prompt the customer to upgrade to CodeQL Action v4, if appropriate. * - * Check whether a customer is running v1 or v2. If they are, and we can determine that the GitHub - * instance supports v3, then log an error prompting the customer to upgrade to v3. + * Check whether a customer is running v1, v2, or v3. If they are, and we can determine that the GitHub + * instance supports v4, then log an error prompting the customer to upgrade to v4. */ export function checkActionVersion( version: string, githubVersion: GitHubVersion, ) { if ( - !semver.satisfies(version, ">=3") && // do not log error if the customer is already running v3 + !semver.satisfies(version, ">=4") && // do not log error if the customer is already running v4 !process.env[EnvVar.LOG_VERSION_DEPRECATION] // do not log error if we have already ) { - // Only error for versions of GHES that are compatible with CodeQL Action version 3. + // Only error for versions of GHES that are compatible with CodeQL Action version 4. // - // GHES 3.11 shipped without the v3 tag, but it also shipped without this warning message code. - // Therefore users who are seeing this warning message code have pulled in a new version of the - // Action, and with it the v3 tag. + // GHES 3.19 shipped without the v4 tag, but it also shipped without this warning message code. + // Therefore, users who are seeing this warning message code have pulled in a new version of the + // Action, and with it the v4 tag. if ( githubVersion.type === GitHubVariant.DOTCOM || githubVersion.type === GitHubVariant.GHE_DOTCOM || (githubVersion.type === GitHubVariant.GHES && semver.satisfies( semver.coerce(githubVersion.version) ?? "0.0.0", - ">=3.11", + ">=3.20", )) ) { core.error( - "CodeQL Action major versions v1 and v2 have been deprecated. " + - "Please update all occurrences of the CodeQL Action in your workflow files to v3. " + + "CodeQL Action major versions v1, v2, and v3 have been deprecated. " + + "Please update all occurrences of the CodeQL Action in your workflow files to v4. " + "For more information, see " + - "https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/", + "https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", ); // set LOG_VERSION_DEPRECATION env var to prevent the warning from being logged multiple times core.exportVariable(EnvVar.LOG_VERSION_DEPRECATION, "true"); From 5a9b49de7e1e796128aef56b84447e0c3c19c476 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 10:09:47 -0600 Subject: [PATCH 02/12] Update CHANGELOG to reflect warning for v3 users migrating to v4 of CodeQL Action --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bb4d0129e5..23a3d03018 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Updated the `init` action to log a warning if the action is v3 but could be v4. This is to help users migrate to v4 of the CodeQL Action. ## 4.31.2 - 30 Oct 2025 From ba82f9bd342bd57818b9ceb787cdbb6dd5ea58b5 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 10:12:35 -0600 Subject: [PATCH 03/12] Fix deprecation warning to reflect that v3 is not actually deprecated yet. --- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/upload-sarif-action.js | 2 +- src/util.ts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 9e0d30df7d..71d7449451 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -87420,7 +87420,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index b32b9311a0..2047566b4a 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83164,7 +83164,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/init-action.js b/lib/init-action.js index 7cff5a38d0..b693f5a3ae 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84741,7 +84741,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 3c5558a6ca..74c9ec4251 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -83176,7 +83176,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index c22940852a..a7130eb287 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83252,7 +83252,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index d0e2be8ccf..4a1ec30d68 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86072,7 +86072,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/src/util.ts b/src/util.ts index 7f58c18609..5bcf97323c 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1142,7 +1142,7 @@ export function checkActionVersion( )) ) { core.error( - "CodeQL Action major versions v1, v2, and v3 have been deprecated. " + + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. " + "Please update all occurrences of the CodeQL Action in your workflow files to v4. " + "For more information, see " + "https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", From f1ca6a4f4742a70c001ddc0823d5d77b5ca16afc Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 11:07:15 -0600 Subject: [PATCH 04/12] Update tests to reflect deprecation status of CodeQL Action v3 --- src/util.test.ts | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/util.test.ts b/src/util.test.ts index 0e3adc8f7e..ed9a62df8f 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -449,11 +449,19 @@ const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> = ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false], ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, true], ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, true], - ["3.2.1", { type: util.GitHubVariant.DOTCOM }, false], - ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false], + ["3.2.1", { type: util.GitHubVariant.DOTCOM }, true], + ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false], + ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.19" }, false], + ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.20" }, true], + ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.21" }, true], + ["4.2.1", { type: util.GitHubVariant.DOTCOM }, false], + ["4.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false], + ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.19" }, false], + ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.20" }, false], + ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.21" }, false], ]; for (const [ @@ -480,9 +488,7 @@ for (const [ if (shouldReportError) { t.true( warningSpy.calledOnceWithExactly( - sinon.match( - "CodeQL Action major versions v1 and v2 have been deprecated.", - ), + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", ), ); } else { From 08dc635f2714d65c682f391c77034f7a2551a4e7 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 11:11:08 -0600 Subject: [PATCH 05/12] Restore use of `sinon.match()`. --- src/util.test.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/util.test.ts b/src/util.test.ts index ed9a62df8f..8ae686cf87 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -488,7 +488,9 @@ for (const [ if (shouldReportError) { t.true( warningSpy.calledOnceWithExactly( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", + sinon.match( + "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated.", + ), ), ); } else { From b32a1e06270a348d56dfa406e1aefa2733eabbe6 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 11:51:23 -0600 Subject: [PATCH 06/12] Update test cases for GitHub Enterprise Server versions 3.11 and 3.12 to reflect correct deprecation status --- src/util.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util.test.ts b/src/util.test.ts index 8ae686cf87..07d88b0d90 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -447,8 +447,8 @@ const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> = ["2.2.1", { type: util.GitHubVariant.DOTCOM }, true], ["2.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true], ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false], - ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, true], - ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, true], + ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false], + ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false], ["3.2.1", { type: util.GitHubVariant.DOTCOM }, true], ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true], ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false], From c443dff4332743a74bf05fba9238be34efe6545b Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 11:57:44 -0600 Subject: [PATCH 07/12] Simplify warning language to not enumerate deprecated versions. --- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/upload-sarif-action.js | 2 +- src/util.test.ts | 2 +- src/util.ts | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 71d7449451..2f430478f1 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -87420,7 +87420,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 2047566b4a..b5ddc0e404 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83164,7 +83164,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/init-action.js b/lib/init-action.js index b693f5a3ae..b8e617159d 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84741,7 +84741,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 74c9ec4251..1ed9fbfb3f 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -83176,7 +83176,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index a7130eb287..ccf19aab2c 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83252,7 +83252,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 4a1ec30d68..2a276bf502 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86072,7 +86072,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/src/util.test.ts b/src/util.test.ts index 07d88b0d90..6a3aeb6cb8 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -489,7 +489,7 @@ for (const [ t.true( warningSpy.calledOnceWithExactly( sinon.match( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated.", + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated.", ), ), ); diff --git a/src/util.ts b/src/util.ts index 5bcf97323c..bed223cc34 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1142,7 +1142,7 @@ export function checkActionVersion( )) ) { core.error( - "CodeQL Action major versions v1, v2, and v3 have either been deprecated or will soon be deprecated. " + + "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. " + "Please update all occurrences of the CodeQL Action in your workflow files to v4. " + "For more information, see " + "https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", From 9366f803993df41030da010f29a8f4a0b48d8785 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 12:00:11 -0600 Subject: [PATCH 08/12] Reference GHES 3.20 in the comment, not 3.19. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- src/util.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/util.ts b/src/util.ts index bed223cc34..f49e1401e9 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1129,9 +1129,9 @@ export function checkActionVersion( ) { // Only error for versions of GHES that are compatible with CodeQL Action version 4. // - // GHES 3.19 shipped without the v4 tag, but it also shipped without this warning message code. - // Therefore, users who are seeing this warning message code have pulled in a new version of the - // Action, and with it the v4 tag. + // GHES 3.20 is the first version to ship with the v4 tag and this warning message code. + // Therefore, users who are seeing this warning message code are running on GHES 3.20 or newer, + // and should update to CodeQL Action v4. if ( githubVersion.type === GitHubVariant.DOTCOM || githubVersion.type === GitHubVariant.GHE_DOTCOM || From a570795dfc64163235f9665eb852d374277177cd Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 4 Nov 2025 12:02:01 -0600 Subject: [PATCH 09/12] Clarify the CHANGELOG.md entry to reflect the whole action, and not just `init`. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 23a3d03018..d9456ec50a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -- Updated the `init` action to log a warning if the action is v3 but could be v4. This is to help users migrate to v4 of the CodeQL Action. +- Updated the Action to log a warning if executing v3 but could be executing v4. This is to help users migrate to v4 of the CodeQL Action. ## 4.31.2 - 30 Oct 2025 From 6a63bc6af3198dfd479595a83953a24360b36e1d Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Wed, 5 Nov 2025 09:15:42 -0600 Subject: [PATCH 10/12] Change warning message to just v3 (exclude v1, v2). --- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/upload-sarif-action.js | 2 +- src/util.test.ts | 2 +- src/util.ts | 4 ++-- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 2f430478f1..6a3429f4c2 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -87420,7 +87420,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index b5ddc0e404..a91600803d 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83164,7 +83164,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/init-action.js b/lib/init-action.js index b8e617159d..8caf18bc84 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84741,7 +84741,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 1ed9fbfb3f..1de26656aa 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -83176,7 +83176,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index ccf19aab2c..707d57b5b3 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83252,7 +83252,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 2a276bf502..91ba895e89 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86072,7 +86072,7 @@ function checkActionVersion(version, githubVersion) { ">=3.20" )) { core3.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" + "CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/" ); core3.exportVariable("CODEQL_ACTION_DID_LOG_VERSION_DEPRECATION" /* LOG_VERSION_DEPRECATION */, "true"); } diff --git a/src/util.test.ts b/src/util.test.ts index 6a3aeb6cb8..550dc16595 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -489,7 +489,7 @@ for (const [ t.true( warningSpy.calledOnceWithExactly( sinon.match( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated.", + "CodeQL Action v3 will be deprecated in December 2026.", ), ), ); diff --git a/src/util.ts b/src/util.ts index f49e1401e9..7136119c5a 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1116,7 +1116,7 @@ export async function checkDiskUsage( /** * Prompt the customer to upgrade to CodeQL Action v4, if appropriate. * - * Check whether a customer is running v1, v2, or v3. If they are, and we can determine that the GitHub + * Check whether a customer is running v3. If they are, and we can determine that the GitHub * instance supports v4, then log an error prompting the customer to upgrade to v4. */ export function checkActionVersion( @@ -1142,7 +1142,7 @@ export function checkActionVersion( )) ) { core.error( - "CodeQL Action major versions below v4 have either been deprecated or will soon be deprecated. " + + "CodeQL Action v3 will be deprecated in December 2026. " + "Please update all occurrences of the CodeQL Action in your workflow files to v4. " + "For more information, see " + "https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/", From ecee3ea8f5cfc8db1cef4d5bbb29aad2bdb98346 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Wed, 5 Nov 2025 09:18:30 -0600 Subject: [PATCH 11/12] Update CHANGELOG.md. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d9456ec50a..b023f376bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -- Updated the Action to log a warning if executing v3 but could be executing v4. This is to help users migrate to v4 of the CodeQL Action. +- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/). ## 4.31.2 - 30 Oct 2025 From 74f662193b73595358758ec21164923494ca4704 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Wed, 5 Nov 2025 09:37:42 -0600 Subject: [PATCH 12/12] Reformat with eslint --- src/util.test.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/util.test.ts b/src/util.test.ts index 550dc16595..03d7d89ec2 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -488,9 +488,7 @@ for (const [ if (shouldReportError) { t.true( warningSpy.calledOnceWithExactly( - sinon.match( - "CodeQL Action v3 will be deprecated in December 2026.", - ), + sinon.match("CodeQL Action v3 will be deprecated in December 2026."), ), ); } else {