github · henrymercer · Jan 18, 2023 · Jan 16, 2023 · Jan 16, 2023 · Jan 18, 2023
@@ -2,6 +2,7 @@
 
 ## [UNRELEASED]
 
+- CodeQL Action v1 is now discontinued, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see [this changelog post](https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/). [#1467](https://github.com/github/codeql-action/pull/1466)
 - Python automatic dependency installation will no longer fail for projects using Poetry that specify `virtualenvs.options.no-pip = true` in their `poetry.toml`. [#1431](https://github.com/github/codeql-action/pull/1431).
 - Avoid printing a stack trace and error message when the action fails to find the SHA at the
   current directory. This will happen in several non-error states and so we now avoid cluttering the
@@ -19,7 +20,7 @@
 
 - Update default CodeQL bundle version to 2.11.5. [#1412](https://github.com/github/codeql-action/pull/1412)
 - Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. [#1393](https://github.com/github/codeql-action/pull/1393)
-- Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify `virtualenvs.in-project = true` in their `poetry.toml`. [#1419](https://github.com/github/codeql-action/pull/1419).
+- Python automatic dependency installation will no longer consider dependency code installed in venv as user-written, for projects using Poetry that specify `virtualenvs.in-project = true` in their `poetry.toml`. [#1419](https://github.com/github/codeql-action/pull/1419).
 
 ## 2.1.35 - 01 Dec 2022
 
@@ -320,7 +321,7 @@ No user facing changes.
 ## 1.0.4 - 28 Jun 2021
 
 - Fix `RUNNER_TEMP environment variable must be set` when using runner. [#594](https://github.com/github/codeql-action/pull/594)
-- Fix couting of lines of code for C# projects. [#586](https://github.com/github/codeql-action/pull/586)
+- Fix counting of lines of code for C# projects. [#586](https://github.com/github/codeql-action/pull/586)
 
 ## 1.0.3 - 23 Jun 2021
 

@@ -328,7 +328,7 @@ const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> =
   [
     ["1.2.1", { type: util.GitHubVariant.DOTCOM }, true],
     ["1.2.1", { type: util.GitHubVariant.GHAE }, true],
-    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, true],
     ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, true],
     ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, true],
     ["2.2.1", { type: util.GitHubVariant.DOTCOM }, false],
@@ -341,28 +341,30 @@ const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> =
 for (const [
   version,
   githubVersion,
-  shouldReportWarning,
+  shouldReportError,
 ] of CHECK_ACTION_VERSION_TESTS) {
-  const reportWarningDescription = shouldReportWarning
-    ? "reports warning"
-    : "doesn't report warning";
+  const reportErrorDescription = shouldReportError
+    ? "reports error"
+    : "doesn't report error";
   const versionsDescription = `CodeQL Action version ${version} and GitHub version ${formatGitHubVersion(
     githubVersion
   )}`;
-  test(`checkActionVersion ${reportWarningDescription} for ${versionsDescription}`, async (t) => {
-    const warningSpy = sinon.spy(core, "warning");
+  test(`checkActionVersion ${reportErrorDescription} for ${versionsDescription}`, async (t) => {
+    const errorSpy = sinon.spy(core, "error");
     const versionStub = sinon
       .stub(api, "getGitHubVersion")
       .resolves(githubVersion);
     await util.checkActionVersion(version);
-    if (shouldReportWarning) {
+    if (shouldReportError) {
       t.true(
-        warningSpy.calledOnceWithExactly(
-          sinon.match("CodeQL Action v1 will be deprecated")
+        errorSpy.calledOnceWithExactly(
+          sinon.match(
+            "This version of the CodeQL Action was discontinued on January 18th, 2023"
+          )
         )
       );
     } else {
-      t.false(warningSpy.called);
+      t.false(errorSpy.called);
     }
     versionStub.restore();
   });

@@ -8,7 +8,6 @@ import del from "del";
 import getFolderSize from "get-folder-size";
 import * as semver from "semver";
 
-import * as api from "./api-client";
 import { getApiClient, GitHubApiDetails } from "./api-client";
 import * as apiCompatibility from "./api-compatibility.json";
 import { CodeQL, CODEQL_VERSION_NEW_TRACING } from "./codeql";
@@ -633,32 +632,17 @@ export function getMlPoweredJsQueriesStatus(config: Config): string {
  * Prompt the customer to upgrade to CodeQL Action v2, if appropriate.
  *
  * Check whether a customer is running v1. If they are, and we can determine that the GitHub
- * instance supports v2, then log a warning about v1's upcoming deprecation prompting the customer
- * to upgrade to v2.
+ * instance supports v2, then log an error that v1 is discontinued and prompt the customer to
+ * upgrade to v2.
  */
 export async function checkActionVersion(version: string) {
   if (!semver.satisfies(version, ">=2")) {
-    const githubVersion = await api.getGitHubVersion();
-    // Only log a warning for versions of GHES that are compatible with CodeQL Action version 2.
-    //
-    // GHES 3.4 shipped without the v2 tag, but it also shipped without this warning message code.
-    // Therefore users who are seeing this warning message code have pulled in a new version of the
-    // Action, and with it the v2 tag.
-    if (
-      githubVersion.type === GitHubVariant.DOTCOM ||
-      githubVersion.type === GitHubVariant.GHAE ||
-      (githubVersion.type === GitHubVariant.GHES &&
-        semver.satisfies(
-          semver.coerce(githubVersion.version) ?? "0.0.0",
-          ">=3.4"
-        ))
-    ) {
-      core.warning(
-        "CodeQL Action v1 will be deprecated on January 18th, 2023. Please upgrade to v2. For " +
-          "more information, see " +
-          "https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/"
-      );
-    }
+    core.error(
+      "This version of the CodeQL Action was discontinued on January 18th, 2023, and is no longer " +
+        "updated or supported. For better performance, improved security, and new features, " +
+        "upgrade to v2. For more information, see " +
+        "https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/"
+    );
   }
 }