From 13cdac30ccfeb9a6c6363964ce9673ecc0b0ca30 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Fri, 13 Jan 2023 16:18:52 +0000 Subject: [PATCH] Improve changelog notes --- CHANGELOG.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff3f6550f..fdd641e49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,8 +2,14 @@ ## [UNRELEASED] -- The default version of the CodeQL tools when running the CodeQL Action on github.com will now be more stable during the release of new GitHub Actions runner images. This will prevent fluctuations in code scanning alerts while a new runner image release rolls out to GitHub-hosted Actions runners. [#1475](https://github.com/github/codeql-action/pull/1475). -- Upcoming versions of the GitHub Actions runner images will include a change to the layout of the CodeQL tools within the Actions toolcache. Specifically, the Actions toolcache will be pre-populated with the latest two versions of the CodeQL tools, rather than just the latest CodeQL tools. The version number of the CodeQL tools within the toolcache will also change to incorporate the version number of the corresponding release of the CodeQL CLI. Users should continue to avoid depending on the layout of the CodeQL tools within the toolcache, as this may change without warning in the future. +- We have improved the mechanism by which the CodeQL Action determines the default version of the CodeQL tools when running on github.com. As a result, code scanning alerts will now be more stable during the release of new GitHub Actions runner images. [#1475](https://github.com/github/codeql-action/pull/1475). +- We are changing how the CodeQL bundle is stored within the Actions tool cache. This cache stores tools used in GitHub Actions workflows locally on the GitHub Actions runner to enable faster access to those tools, thereby speeding up those workflows. This change only affects customers who are interacting with the Actions tool cache directly, for example via the `@actions/tool-cache` npm package or directly on the filesystem of a GitHub Actions runner. + + Previously, the Actions tool cache was pre-populated with a single version of the CodeQL bundle with a version number given by the date on which the bundle was published. 
For example, the `20230109.1` version of the `ubuntu-22.04` Actions runner image is pre-populated with version `0.0.0-20221211` of the CodeQL bundle. + + To enable improvements to the stability of code scanning alerts during Actions runner image updates, upcoming versions of the Actions runner images will pre-populate the tool cache with the latest _two_ versions of the CodeQL bundle. The versions of the CodeQL bundle will also be numbered differently. For example, the next version of the `ubuntu-22.04` Actions runner image will be pre-populated with version `2.10.0-20230105` and version `2.11.6-20221211` of the CodeQL bundle. + + This change will benefit customer workflows on github.com using the latest version of the CodeQL Action (`v2`). Customer workflows on github.com pinned to specific old versions of the CodeQL Action (e.g. `v2.1.32`) will no longer obtain the newest version of CodeQL from the GitHub Actions tool cache, and will instead download a compatible older version of CodeQL from GitHub Releases. To continue using the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (`v2`). ## 2.1.38 - 12 Jan 2023
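Review bot: In the added paragraph on upcoming runner images, the example pair `2.10.0-20230105` and `2.11.6-20221211` looks inconsistent, because the lower CLI version carries the later bundle date; please confirm both version strings before this ships, since readers who do touch the tool cache will copy them verbatim. The rewrite also drops the removed sentence advising users to "avoid depending on the layout of the CodeQL tools within the toolcache, as this may change without warning"; the new text says the change only affects customers who interact with the tool cache directly, but no longer tells them the layout is unsupported, so consider keeping that sentence at the end of the entry. In the last added paragraph, "specific old versions of the CodeQL Action (e.g. `v2.1.32`)" leaves the cutoff open; naming the first Action version that understands the new numbering would let users pinned to an exact version tell whether they will fall back to downloading from GitHub Releases.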