From 3d62f02555780b04eb68af3f8889562666da12c2 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 18 Jan 2023 15:59:07 +0000 Subject: [PATCH] Update changelog note --- CHANGELOG.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f57d0c5787..f2ccd31773 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,11 +11,10 @@ - **A change may be required** for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before `v2.2.0` (e.g. `v2.1.32`): - Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image. - Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (`v2`). - - **Advanced users only**: Workflows that interact directly with the GitHub Actions runner image tool cache to find CodeQL, for example via the `@actions/tool-cache` npm package or direct access to the filesystem, should take into account the following internal layout changes: - - Previously, the tool cache was pre-populated with _one_ recent version of CodeQL. Now, it is pre-populated with _two_ recent versions of CodeQL. - - Previously, the CodeQL tools were located within the tool cache under a directory named after the release date, e.g. CodeQL 2.11.6 was located under `CodeQL/0.0.0-20221211/x64/codeql`. Now, the CodeQL tools are located under a directory named after the CodeQL CLI version number and release date, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql`. - - Where possible, we recommend downloading and managing the CodeQL CLI via the [CodeQL extension for the GitHub CLI](https://github.com/github/gh-codeql) or [GitHub Releases](https://github.com/github/codeql-cli-binaries/releases) rather than using the CodeQL tools from the runner image tool cache. + - **Internal changes** + - These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses [@actions/tool-cache](https://github.com/actions/toolkit/tree/main/packages/tool-cache) or relies on the precise location of CodeQL within the Actions tool cache. 
+ - The tool cache now contains **two** recent CodeQL versions (previously **one**). + - Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql` (previously `CodeQL/0.0.0-20221211/x64/codeql`). - Python automatic dependency installation will no longer fail for projects using Poetry that specify `virtualenvs.options.no-pip = true` in their `poetry.toml`. [#1431](https://github.com/github/codeql-action/pull/1431). - Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the
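Review bot: In the added bullet on the directory layout, "named after the release date and version number" lists the two parts in the opposite order to the example path `CodeQL/2.11.6-20221211/x64/codeql`, where the version number comes first and the date second. The removed text had the order matching the path ("the CodeQL CLI version number and release date"), and anyone parsing the directory name will rely on that order, so I would restore it. The same bullet also says "CodeQL version" where the old text said "CodeQL CLI version number"; keeping "CLI" makes clear which version string appears in the path. Separately, the removed recommendation to obtain the CLI via the CodeQL extension for the GitHub CLI or GitHub Releases, rather than from the runner image tool cache, has no counterpart in the added lines. If dropping it is intentional, fine; otherwise keep it as a final sub-bullet, since it is the guidance that spares workflows from depending on this path at all.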