[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unclear release notes / change log #1775

Open
marcrohlfs opened this issue Jul 13, 2023 · 2 comments
Open

Unclear release notes / change log #1775

marcrohlfs opened this issue Jul 13, 2023 · 2 comments
Labels
question Further information is requested

Comments

@marcrohlfs
Copy link

We're using the codeql-action action and try to keep it up-to-date using Dependabot. Such PRs are not merged unthinkingly, we normally check the changes (new features, bugfixes etc.) first. Unfortunately the changelog for new versions/tags of the codeql-action action is often not very helpful to find out what's actually changed, especially when it comes to the CodeQL bundle. We often see something like "Update default CodeQL bundle version to [x.y.z]", but there's no information about the changes that come with the new bundle version (e.g. if rule implementations have been added, removed or fixed etc). And trying to find this out by checking the tags and history of the github/codeql repo doesn't help much either. Am I just missing places where I should look for such information? Or is there actually improvement potential on release notes and changelogs?

(This somehow seems to be similar to #1728, but I didn't want to continue on an already closed issue.)
@aeisenberg aeisenberg added the question Further information is requested label Jul 13, 2023
@aeisenberg
Copy link
Contributor

Thanks for the question. The changelog for the action bundle is located here: https://github.com/github/codeql-action/releases. I realize that this is not the most discoverable place to put it and we are discussing ways to make this easier to find.

@aeisenberg aeisenberg mentioned this issue Jul 13, 2023
Merged
3 tasks
@marcrohlfs
Copy link
Author

Already found that, but it's still confusing. Looking at the changelogs of the language packs that are inked no that page, there're totally different version numbers and no information or cross references what language pack versions are part of what bundle versions.

Example:
Dependabot recently offered to update the codeql-action from 2.20.2 to 2.20.3. Digging in, I found that the bundle version is updated to 2.13.5 with this. Only when looking at the source changes of linked PR, I found out that it was 2.13.4 before. But also in the changes you see that the version scheme doesn't seem consistent (see priorBundleVersion). Now I can check the codeql-bundle-v2.13.5 release notes and from there to the changelogs of language packs I'm interested in, e.g. codeql/java-queries. Here I find totally different version numbers and no information which one is included in what bundle version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aeisenberg @marcrohlfs