github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-05 06:00:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

update required checks script to handle release branches

Browse Source
This commit is contained in:
nickfyson
2023-12-20 17:19:16 +00:00
parent a110746c60
commit a42c9a2634
4 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.github/actions/release-branches/release-branches.py vendored
View File

@@ -1,12 +1,19 @@
import argparse
import json
import os
import subprocess
import configparser
# Name of the remote
ORIGIN = 'origin'
OLDEST_SUPPORTED_MAJOR_VERSION = 2
script_dir = os.path.dirname(os.path.realpath(__file__))
grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
config = configparser.ConfigParser()
with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
config.read_string('[default]\n' + stream.read())
OLDEST_SUPPORTED_MAJOR_VERSION = config['default']['OLDEST_SUPPORTED_MAJOR_VERSION']
def main():

1
.github/releases.ini vendored Normal file
View File

@@ -0,0 +1 @@
OLDEST_SUPPORTED_MAJOR_VERSION=2

22
.github/workflows/script/update-required-checks.sh vendored
View File

@@ -2,6 +2,11 @@
# Update the required checks based on the current branch.
# Typically, this will be main.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
REPO_DIR="$(dirname "$SCRIPT_DIR")"
GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
source "$GRANDPARENT_DIR/releases.ini"
if ! gh auth status 2>/dev/null; then
gh auth status
echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
@@ -29,7 +34,22 @@ echo "$CHECKS" | jq
echo "{\"contexts\": ${CHECKS}}" > checks.json
for BRANCH in main releases/v2; do
echo "Updating main"
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
# list all branchs on origin remote matching releases/v*
BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
for BRANCH in $BRANCHES; do
# strip exact 'releases/v' prefix from $BRANCH using count of characters
VERSION="${BRANCH:10}"
if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
echo "Skipping $BRANCH"
continue
fi
echo "Updating $BRANCH"
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
done