Skip to main content
All products
Code security

This version of GitHub Enterprise was discontinued on 2023-07-06. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Warning: "1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary"

If you see this warning, you should update your workflow to follow current best practice.

Code scanning is available for organization-owned repositories in GitHub Enterprise Server. This feature requires a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

If you're using an old CodeQL workflow you may get the following warning in the output from the "Initialize CodeQL" action:

Warning: 1 issue was detected with this workflow: git checkout HEAD^2 is no longer
necessary. Please remove this step as Code Scanning recommends analyzing the merge
commit for best results.

Fix this by removing the following lines from the CodeQL workflow. These lines were included in the steps section of the Analyze job in initial versions of the CodeQL workflow.

        with:
          # We must fetch at least the immediate parents so that if this is
          # a pull request then we can checkout the head.
          fetch-depth: 2

      # If this run was triggered by a pull request event, then checkout
      # the head of the pull request instead of the merge commit.
      - run: git checkout HEAD^2
        if: ${{ github.event_name == 'pull_request' }}

The revised steps section of the workflow will look like this:

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2

      ...

For more information about editing the CodeQL workflow file, see "Customizing code scanning."