On December 13, 2023, we released CodeQL Action v3, which runs on the Node.js 20 runtime. CodeQL Action v2 will be deprecated at the same time as GHES 3.11, which is currently scheduled for December 2024.
How does this affect me?
Users of code scanning default setup do not need to take any action in order to automatically move to CodeQL Action v3.
Users of code scanning advanced setup need to change their workflow files in order to start using CodeQL Action v3.
All users of GitHub code scanning (which by default uses the CodeQL analysis engine) on GitHub Actions on the following platforms should update their workflow files:
- GitHub.com (including open source repositories, users of GitHub Teams and GitHub Enterprise Cloud)
- GitHub Enterprise Server (GHES) 3.12 (and newer)
Users of the above-mentioned platforms should update their CodeQL workflow file(s) to refer to the new
v3 version of the CodeQL Action. Note that the upcoming release of GitHub Enterprise Server 3.12 will ship with
v3 of the CodeQL Action included.
Users of GitHub Enterprise Server 3.11
While GHES 3.11 does support Node 20 Actions, it does not ship with CodeQL Action v3. Users who want to migrate to
v3 on GHES 3.11 should request that their system administrator enables GitHub Connect to download
v3 onto GHES before updating their workflow files.
Users of GitHub Enterprise Server 3.10 (and older)
GHES 3.10 (and earlier) does not support running Actions using the Node 20 runtime and is therefore unable to run CodeQL Action v3. Please upgrade to a newer version of GitHub Enterprise Server prior to changing your CodeQL Action workflow files.
Exactly what do I need to change?
To upgrade to CodeQL Action v3, open your CodeQL workflow file(s) in the
.github directory of your repository and look for references to:
These entries need to be replaced with their
Can I use Dependabot to help me with this upgrade?
Yes, you can! For more details on how to configure Dependabot to automatically upgrade your Actions dependencies, please see this page.
What happens in December 2024?
In December 2024, CodeQL Action v2 will be officially deprecated (at the same time as the GHES 3.11 deprecation). At that point, no new updates will be made to CodeQL Action v2, which means that new CodeQL analysis capabilities will only be available to users of CodeQL Action v3. We will keep a close eye on the migration progress across GitHub. If many workflow files still refer to CodeQL Action v2, we might consider scheduling one or more brownout moments later in the year to increase awareness.