Python: Don't install deps by default for all users

CHANGELOG.md

@@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-No user facing changes.
+- We have disabled Python dependency installation for all users by default. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior until CodeQL CLI 2.17.0 is released by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow. [#2031](https://github.com/github/codeql-action/pull/2031)
 
 ## 2.22.10 - 12 Dec 2023
 

src/analyze.ts

@@ -105,10 +105,14 @@ async function setupPythonExtractor(
   }
 
   if (
-    await features.getValue(
+    (await features.getValue(
       Feature.DisablePythonDependencyInstallationEnabled,
       codeql,
-    )
+    )) ||
+    (await features.getValue(
+      Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+      codeql,
+    ))
   ) {
     logger.warning(
       "We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +

src/feature-flags.ts

@@ -49,6 +49,7 @@ export enum Feature {
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
   DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
+  PythonDefaultIsToSkipDependencyInstallationEnabled = "python_default_is_to_skip_dependency_installation_enabled",
   EvaluatorFineGrainedParallelismEnabled = "evaluator_fine_grained_parallelism_enabled",
   ExportDiagnosticsEnabled = "export_diagnostics_enabled",
   QaTelemetryEnabled = "qa_telemetry_enabled",
@@ -103,6 +104,15 @@ export const featureConfig: Record<
     minimumVersion: undefined,
     defaultValue: false,
   },
+  [Feature.PythonDefaultIsToSkipDependencyInstallationEnabled]: {
+    // we can reuse the same environment variable as above. If someone has set it to
+    // `true` in their workflow this means dependencies are not installed, setting it to
+    // `false` means dependencies _will_ be installed. The same semantics are applied
+    // here!
+    envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
+    minimumVersion: "2.16.0",
+    defaultValue: false,
+  },
 };
 
 /**

src/init-action.ts

@@ -294,10 +294,14 @@ async function run() {
       getRequiredInput("setup-python-dependencies") === "true"
     ) {
       if (
-        await features.getValue(
+        (await features.getValue(
           Feature.DisablePythonDependencyInstallationEnabled,
           codeql,
-        )
+        )) ||
+        (await features.getValue(
+          Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+          codeql,
+        ))
       ) {
         logger.info("Skipping python dependency installation");
       } else {
@@ -447,15 +451,24 @@ async function run() {
 
     // Disable Python dependency extraction if feature flag set
     if (
-      await features.getValue(
+      (await features.getValue(
         Feature.DisablePythonDependencyInstallationEnabled,
         codeql,
-      )
+      )) ||
+      (await features.getValue(
+        Feature.PythonDefaultIsToSkipDependencyInstallationEnabled,
+        codeql,
+      ))
     ) {
       core.exportVariable(
         "CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION",
         "true",
       );
+    } else {
+      core.exportVariable(
+        "CODEQL_EXTRACTOR_PYTHON_FORCE_ENABLE_LIBRARY_EXTRACTION_UNTIL_2_17_0",
+        "true",
+      );
     }
 
     const sourceRoot = path.resolve(