GitHub code scanning with CodeQL works seamlessly with GitHub Actions. For users of other CI/CD systems, we provided a way to run the code analysis using the CodeQL runner. The CodeQL runner acts as the glue between your CI/CD system and the CodeQL analysis engine (CLI).
In response to customer feedback, we have now transferred all CodeQL runner functionality natively into the CodeQL CLI. This means that there are fewer components to install, use, and update if you're running CodeQL code scanning on a 3rd party CI/CD system.
As of CodeQL CLI 2.6.2 (released today), there is now full feature parity between the CodeQL CLI and the runner. We are therefore announcing the deprecation of the CodeQL runner. This affects users of 3rd party CI/CD systems; users of CodeQL code scanning on GitHub Actions are not affected.
Deprecation timeline: GitHub Enterprise Server (GHES)
The CodeQL runner will continue to be part of GitHub Enterprise Server releases up to and including the 3.3.x series. It will no longer be part of GitHub Enterprise Server starting with the 3.4.0 release (scheduled for 2022). The CodeQL CLI is a feature-complete replacement for the CodeQL runner, and is fully compatible with GitHub Enterprise Server.
The CodeQL bundle will continue to contain the CodeQL runner until March 2022. In the run-up to the final release we will start displaying clear deprecation warnings. After March 2022, code scanning API changes on GitHub.com will likely not be compatible with older CodeQL runner releases. The CodeQL CLI is a feature-complete replacement for the CodeQL runner, and is fully compatible with GitHub.com.
How does this affect me?
If you’re using CodeQL code scanning on GitHub Actions, you are not affected by this change.
New users of CodeQL code scanning should use CodeQL CLI version >= 2.6.2.
What actions should I take?
You should configure your CI/CD system to use the CodeQL CLI before March 2022 and/or before upgrading to GHES 3.4.0. When setting up the CodeQL CLI, we recommend that you test the setup to verify that the CLI is correctly configured to create and analyze databases.
Learn more about how to migrate from the CodeQL runner to CodeQL CLI 2.6.2 here.
GitHub Actions now supports ephemeral (i.e. single job) self-hosted runners and a new workflow_job webhook to make autoscaling your runners easier. After a job is run, ephemeral runners are automatically unregistered from the service, allowing you to do any required post-job management.
Ephemeral runners are a good choice for self-managed environments where you need each job to run on a clean image. A runner is configured as ephemeral by adding the optional --ephemeral parameter during configuration. Learn more about registering ephemeral runners.
Combine ephemeral runners with the new workflow_job webhook to automatically scale your self-hosted runners in response to your Actions job requests, including the runner labels from the runs-on: key from your workflow. Learn more about the workflow_job webhook and how to use it to autoscale your self-hosted runners.
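As an added illustration (not GitHub's code), the following sketch shows how an autoscaler endpoint could authenticate a workflow_job delivery through its X-Hub-Signature-256 header before using the job's labels to decide whether to start an ephemeral runner. The pool labels, the secret, the sample payload and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import json

# Assumption: labels this runner pool can serve (hypothetical values).
POOL_LABELS = {"self-hosted", "linux", "x64"}


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Check the X-Hub-Signature-256 header against the raw request body."""
    if not header or not header.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), header[len("sha256="):].encode())


def scaling_decision(secret: bytes, event: str, header: str, body: bytes) -> str:
    """Return 'reject', 'ignore', 'scale_up' or 'scale_down' for one delivery."""
    if not signature_ok(secret, body, header):
        return "reject"        # unauthenticated delivery: never touch the pool
    if event != "workflow_job":    # value of the X-GitHub-Event header
        return "ignore"
    payload = json.loads(body)
    job = payload.get("workflow_job", {})
    labels = set(job.get("labels", []))
    # Only act on jobs that target self-hosted runners this pool can satisfy.
    if "self-hosted" not in labels or not labels <= POOL_LABELS:
        return "ignore"
    action = payload.get("action")
    if action == "queued":
        return "scale_up"      # start one runner configured with --ephemeral
    if action == "completed":
        return "scale_down"    # runner has unregistered; reclaim the machine
    return "ignore"


# Constructed sample delivery (not captured from a real repository).
SECRET = b"constructed-webhook-secret"
BODY = json.dumps({"action": "queued",
                   "workflow_job": {"id": 1, "labels": ["self-hosted", "linux"]}}).encode()
GOOD_SIG = "sha256=" + hmac.new(SECRET, BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(scaling_decision(SECRET, "workflow_job", GOOD_SIG, BODY))
    print(scaling_decision(SECRET, "workflow_job", "sha256=" + "0" * 64, BODY))
```

The signature is computed over the raw request bytes, so verify it before any JSON parsing or re-serialization of the body.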