Automate the migration of CodeQL Action from v2 to v3 across repositories.
GitHub has deprecated CodeQL Action v2, and workflows using it may eventually break. This tool:
- Finds repositories still using CodeQL v2.
- Automatically updates workflows to CodeQL v3.
- Creates pull requests to suggest upgrades.

- Scans repositories for CodeQL v2 usage.
- Updates workflow files to use CodeQL v3.
- Creates pull requests with upgrade suggestions.
- Works on public and private repositories.
- Can be run manually or as a GitHub Action.

```bash
git clone https://github.com/YOUR-USERNAME/codeql-migrator.git
cd codeql-migrator
python3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txt
```

Create a Personal Access Token (PAT) with `repo` and `workflow` permissions.
Set it as an environment variable:

```bash
export GITHUB_TOKEN="your_personal_access_token"
python migrator.py
```

You can schedule automated runs with GitHub Actions.
Create `.github/workflows/run-migrator.yml`:

```yaml
name: Run CodeQL Migrator
on:
  schedule:
    - cron: '0 0 * * 1' # Runs every Monday
  workflow_dispatch: # Allows manual triggering
jobs:
  run-script:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      - name: Install Dependencies
        run: pip install requests pyyaml github3.py
      - name: Run Migration Script
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: python migrator.py
```

Add this workflow to your repository to automatically migrate CodeQL from v2 to v3:

```yaml
# .github/workflows/codeql-migration.yml
name: CodeQL Migration
on:
  schedule:
    - cron: '0 0 * * 1' # Runs every Monday
  workflow_dispatch:

jobs:
  migrate:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - uses: khulnasoft-lab/codeql-migrator@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
```

Input | Description | Required | Default |
---|---|---|---|
github-token | GitHub token for authentication | Yes | - |
per-page | Number of repositories to process | No | '10' |
dry-run | Show what would be done without making changes | No | 'false' |
branch-name | Name of the branch to create for changes | No | 'update-codeql-v3' |
skip-cleanup | Skip cleanup of cloned repositories | No | 'false' |
max-workers | Number of concurrent workers | No | '4' |
log-level | Logging verbosity | No | 'INFO' |
commit-message | Commit message for the changes | No | 'Update CodeQL action to v3' |
pr-title | Title for the pull request | No | 'Update CodeQL action from v2 to v3' |
pr-body | Body text for the pull request | No | 'This PR updates the CodeQL action from v2 to v3.' |

1. Finds repos using CodeQL v2 via the GitHub API.
2. Clones the repo and checks workflow files.
3. Replaces `uses: github/codeql-action/*@v2` with `@v3`.
4. Commits changes & creates a pull request.

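The rewrite in step 3, sketched as an added example (this is not the project's `migrator.py`; `USES_V2`, `migrate_workflow` and the sample workflow are assumptions made for illustration). It goes slightly beyond the bare `@v2` case by also handling quoted refs and `v2.x.y` tags, while leaving commented-out lines and commit-SHA pins untouched:

```python
import re

# Matches a `uses:` line that references a github/codeql-action sub-action at the
# v2 major tag or a v2.x / v2.x.y tag. Commented-out lines and commit-SHA pins
# do not match, so they are left for a human to review.
USES_V2 = re.compile(
    r"""^(?P<head>\s*(?:-\s+)?uses:\s*['"]?github/codeql-action/[\w-]+@)
        v2(?:\.\d+){0,2}
        (?P<tail>['"]?\s*(?:\#.*)?)$""",
    re.VERBOSE,
)


def migrate_workflow(text):
    """Return (new_text, changed_line_numbers); line endings are preserved."""
    out, changed = [], []
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        match = USES_V2.match(body)
        if match:
            body = f"{match.group('head')}v3{match.group('tail')}"
            changed.append(lineno)
        out.append(body + eol)
    return "".join(out), changed


# Constructed sample workflow; the 40-character ref is a made-up placeholder SHA.
SAMPLE = """\
name: CodeQL
jobs:
  analyze:
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: python
      # - uses: github/codeql-action/autobuild@v2
      - name: Analyze
        uses: "github/codeql-action/analyze@v2.20.1"  # upload results
      - uses: github/codeql-action/upload-sarif@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    _, changed_lines = migrate_workflow(SAMPLE)
    print("dry run, lines that would change:", changed_lines)
```

Returning the changed line numbers separately from the rewritten text lets a caller report what would change without writing the file.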
- The script does not store credentials.
- Uses the GitHub API; rate limits apply.
- Verify pull requests before merging.
- Add CLI options for manual repo input.
- Improve logging and error handling.
- Turn into a GitHub App for automatic suggestions.
PRs are welcome! Follow the standard workflow:
- Fork the repository.
- Create a feature branch (`git checkout -b feature-name`).
- Commit changes (`git commit -m "Add new feature"`).
- Push to your branch (`git push origin feature-name`).
- Open a pull request.

Licensed under the MIT License.
If this project helps you, give it a ⭐ on GitHub!
The tool is available as a Docker image from GitHub Container Registry:

```bash
docker pull ghcr.io/khulnasoft-lab/codeql-migrator:latest
```

Run it with your token:

```bash
docker run -e GITHUB_TOKEN="your_token" ghcr.io/khulnasoft-lab/codeql-migrator:latest
```

You can also use it with additional parameters:

```bash
docker run -e GITHUB_TOKEN="your_token" ghcr.io/khulnasoft-lab/codeql-migrator:latest \
  --per-page 20 \
  --dry-run \
  --branch-name custom-branch
```

🔥 Automate your CodeQL upgrades today! 🔥