On March 30, 2022, we released CodeQL Action v2, which runs on the Node.js 16 runtime. In April 2022, we announced that CodeQL Action v1 would be deprecated at the same time as GitHub Enterprise Server (GHES) 3.3.
This deprecation period has elapsed and starting January 18, 2023, CodeQL Action v1 is now discontinued.
It will no longer be updated or supported, and while we will not be deleting it except in the case of a security vulnerability, workflows using it may eventually break.
New CodeQL analysis capabilities will only be available to users of v2.
For more information about this deprecation, please see the original deprecation announcement from April 2022.
If you use code scanning with CodeQL on any of the following platforms, you should update your workflow file(s) to use CodeQL Action v2 as soon as possible:
Users of GHES 3.4.12 or earlier: please read this section in the original deprecation announcement.
To upgrade to the CodeQL Action v2, open your CodeQL workflow file(s) in the .github/workflows directory of your repository and look for references to:
github/codeql-action/init@v1github/codeql-action/autobuild@v1github/codeql-action/analyze@v1github/codeql-action/upload-sarif@v1These entries need to be replaced with their v2 equivalents:
github/codeql-action/init@v2github/codeql-action/autobuild@v2github/codeql-action/analyze@v2github/codeql-action/upload-sarif@v2If you use a pinned version of the CodeQL Action in your workflows, for example github/codeql-action/init@32be38e, check the latest Actions workflow run summary on your repository.
If you see a warning stating that you are running CodeQL Action v1, then please update your workflow to reference v2 or alternatively the latest github/codeql-action commit tagged v2.
All users on GitHub.com, and GHES customers using GitHub Advanced Security with a local copy of github/codeql-action, can use Dependabot to automatically upgrade their Actions dependencies.
For more details on how to set this up, please see this page.
GHES customers should also make sure:
Introducing new push notifications for Actions on Mobile!
Get notified when your workflow runs have succeeded or failed on the go. You can also opt-in to receive notifications for failed workflows only. Head over to the in-app settings, where you can enable these new push types and prioritize what matters to you.
Read more about GitHub Mobile and send us your feedback to help us improve.
In security overview, when you select a team from the Team dropdown or filter by team in either the security risk or the security coverage views, results include repositories where the team has write privileges. Previously, results only included repositories where the team had admin privileges or had been granted access to security alerts.
This has shipped to GitHub.com and will be available in GitHub Enterprise Server 3.9.