Python: Don't install deps by default for all users

2023-12-13 11:33:21 +01:00 · 2023-12-13 11:33:21 +01:00 · 2f93dd472e
commit 2f93dd472e
parent b995212303
3 changed files with 23 additions and 0 deletions
--- a/src/analyze.ts
+++ b/src/analyze.ts
@ -108,6 +108,10 @@ async function setupPythonExtractor(
    await features.getValue(
      Feature.DisablePythonDependencyInstallationEnabled,
      codeql,
+    ) ||
+    await features.getValue(
+      Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+      codeql,
    )
  ) {
    logger.warning(
--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@ -49,6 +49,8 @@ export enum Feature {
  CppDependencyInstallation = "cpp_dependency_installation_enabled",
  DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
  DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
+  // NOTE: `python_default_is_to_skip_dependency_installation_enabled` is never actually returned by the GitHub API.
+  PythonDefaultIsToSkipDependencyInstallationEnabled = "python_default_is_to_skip_dependency_installation_enabled",
  EvaluatorFineGrainedParallelismEnabled = "evaluator_fine_grained_parallelism_enabled",
  ExportDiagnosticsEnabled = "export_diagnostics_enabled",
  QaTelemetryEnabled = "qa_telemetry_enabled",
@ -103,6 +105,15 @@ export const featureConfig: Record<
    minimumVersion: undefined,
    defaultValue: false,
  },
+  [Feature.PythonDefaultIsToSkipDependencyInstallationEnabled]: {
+    // we can reuse the same environment variable as above. If someone has set it to
+    // `true` in their workflow this means dependencies are not installed, setting it to
+    // `false` means dependencies _will_ be installed. The same semantics are applied
+    // here!
+    envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
+    minimumVersion: "2.16.0",
+    defaultValue: true,
+  },
 };

 /**
--- a/src/init-action.ts
+++ b/src/init-action.ts
@ -297,6 +297,10 @@ async function run() {
        await features.getValue(
          Feature.DisablePythonDependencyInstallationEnabled,
          codeql,
+        ) ||
+        await features.getValue(
+          Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+          codeql,
        )
      ) {
        logger.info("Skipping python dependency installation");
@ -450,6 +454,10 @@ async function run() {
      await features.getValue(
        Feature.DisablePythonDependencyInstallationEnabled,
        codeql,
+      ) ||
+      await features.getValue(
+        Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+        codeql,
      )
    ) {
      core.exportVariable(