Automate the migration of CodeQL Action from v2 to v3 across GitHub repositories.
GitHub has deprecated CodeQL Action v2, and workflows using it may eventually break. This tool:
- Finds repositories still using CodeQL v2.
- Automatically updates workflows to CodeQL v3.
- Creates pull requests to suggest upgrades.
โ
Scans repositories for CodeQL v2 usage.
โ
Updates workflow files to use CodeQL v3.
โ
Creates pull requests with upgrade suggestions.
โ
Works on public and private repositories.
โ
Can be run manually or as a GitHub Action.
git clone https://github.com/YOUR-USERNAME/codeql-migrator.git
cd codeql-migratorpython3 -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -r requirements.txtCreate a GitHub Personal Access Token (PAT) with repo and workflow permissions.
Set it as an environment variable:
export GITHUB_TOKEN="your_personal_access_token"python migrator.pyYou can schedule automated runs with GitHub Actions.
Create .github/workflows/run-migrator.yml:
name: Run CodeQL Migrator
on:
schedule:
- cron: '0 0 * * 1' # Runs every Monday
workflow_dispatch: # Allows manual triggering
jobs:
run-script:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install Dependencies
run: pip install requests pyyaml github3.py
- name: Run Migration Script
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: python migrator.pyAdd this workflow to your repository to automatically migrate CodeQL from v2 to v3:
:/.github/workflows/codeql-migration.yml name: CodeQL Migration on: schedule: - cron: '0 0 * * 1' # Runs every Monday workflow_dispatch:
jobs: migrate: runs-on: ubuntu-latest permissions: contents: write pull-requests: write steps: - uses: khulnasoft-lab/codeql-migrator@v1 with: github-token: ${{ secrets.GITHUB_TOKEN }}
| Input | Description | Required | Default |
|---|---|---|---|
github-token |
GitHub token for authentication | Yes | - |
per-page |
Number of repositories to process | No | '10' |
dry-run |
Show what would be done without making changes | No | 'false' |
branch-name |
Name of the branch to create for changes | No | 'update-codeql-v3' |
skip-cleanup |
Skip cleanup of cloned repositories | No | 'false' |
max-workers |
Number of concurrent workers | No | '4' |
log-level |
Logging verbosity | No | 'INFO' |
commit-message |
Commit message for the changes | No | 'Update CodeQL action to v3' |
pr-title |
Title for the pull request | No | 'Update CodeQL action from v2 to v3' |
pr-body |
Body text for the pull request | No | 'This PR updates the CodeQL action from v2 to v3.' |
1๏ธโฃ Finds repos using CodeQL v2 via GitHub API.
2๏ธโฃ Clones the repo and checks workflow files.
3๏ธโฃ Replaces uses: github/codeql-action/*@v2 with @v3.
4๏ธโฃ Commits changes & creates a pull request.
- The script does not store credentials.
- Uses GitHub API rate-limits apply.
- Verify pull requests before merging.
- Add CLI options for manual repo input.
- Improve logging and error handling.
- Turn into a GitHub App for automatic suggestions.
PRs are welcome! Follow the standard GitHub workflow:
- Fork the repository.
- Create a feature branch (
git checkout -b feature-name). - Commit changes (
git commit -m "Add new feature"). - Push to your branch (
git push origin feature-name). - Open a pull request.
Licensed under the MIT License.
If this project helps you, give it a โญ on GitHub!
The tool is available as a Docker image from GitHub Container Registry:
docker pull ghcr.io/khulnasoft-lab/codeql-migrator:latestRun it with your GitHub token:
docker run -e GITHUB_TOKEN="your_token" ghcr.io/khulnasoft-lab/codeql-migrator:latestYou can also use it with additional parameters:
docker run -e GITHUB_TOKEN="your_token" ghcr.io/khulnasoft-lab/codeql-migrator:latest \
--per-page 20 \
--dry-run \
--branch-name custom-branch๐ฅ Automate your CodeQL upgrades today! ๐ฅ