name: Update dependency proxy release assets on: workflow_dispatch: inputs: tag: description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets" type: string required: true jobs: update: name: Update code and create PR timeout-minutes: 15 runs-on: macos-latest permissions: contents: write # needed to push the updated files pull-requests: write # needed to create the PR env: RELEASE_TAG: ${{ inputs.tag }} steps: - name: Install Node uses: actions/setup-node@v4 - name: Checkout repository uses: actions/checkout@v4 with: fetch-depth: 0 # ensure we have all tags and can push commits - name: Update git config shell: bash run: | git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" - name: Update release tag and version shell: bash run: | NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache sed -i '' "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-[0-9.]*/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts sed -i '' "s/\"v2.0.[0-9]*\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts - name: Push changes and open PR shell: bash env: BRANCH: "dependency-proxy/$RELEASE_TAG" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | set -exu pr_title="Update release used by `start-proxy` to $RELEASE_TAG" pr_body=$(cat << EOF This PR updates the `start-proxy` action to use the private registry proxy binaries that are attached as release assets to the `$RELEASE_TAG` release. Please do the following before merging: - [ ] Verify that the changes to the code are correct. EOF ) git checkout -b "$BRANCH" npm run build git add ./src/start-proxy-action.ts git add ./lib git commit -m "$pr_title" git push origin "$BRANCH" gh pr create \ --head "$BRANCH" \ --base "main" \ --title "${pr_title}" \ --body "${pr_body}" \ --draft