mirror of
https://github.com/github/codeql-action.git
synced 2025-12-06 07:48:17 +08:00
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
# Runs when a release is published. For pre-releases whose tag starts with
# `codeql-bundle-`, it updates the default bundle, rebuilds the Action, pushes
# the result to an `update-bundle/<tag>` branch, opens a draft pull request,
# and then commits a changelog note to the same branch.
name: Update default CodeQL bundle

on:
  release:
    # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
    # Note: The prereleased type will not trigger for pre-releases published
    # from draft releases, but the published type will trigger. If you want a
    # workflow to run when stable and pre-releases publish, subscribe to
    # published instead of released and prereleased.
    #
    # From https://github.com/orgs/community/discussions/26281
    # As a work around, in published type workflow, you could add if condition
    # to filter pre-release attribute.
    types: [published]

defaults:
  run:
    shell: bash

jobs:
  update-bundle:
    # Gate on both the pre-release flag and the tag prefix, so that other
    # published releases do not reach the write-scoped steps below.
    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
    runs-on: ubuntu-slim
    # Job-level permissions: the job token gets only these two write scopes;
    # scopes not listed here are not granted.
    permissions:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull requests
    steps:
      # Debug output: prints every environment variable to the job log.
      - name: Dump environment
        run: env

      # Debug output: the context is handed to the script through an
      # environment variable and echoed quoted, instead of being interpolated
      # into the script text.
      # NOTE(review): the `github` context includes the job token, so this step
      # relies on log masking. Confirm that who can read these logs, and for
      # how long, is acceptable.
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "$GITHUB_CONTEXT"

      # Referenced by major-version tag, as are the setup-python and setup-node
      # steps below. Tags are mutable; pinning to a full commit SHA is the
      # stricter supply-chain option.
      # NOTE(review): the later `git push` steps configure no credentials of
      # their own, so they presumably rely on the token this step leaves in the
      # local git config. Confirm before changing credential persistence.
      - uses: actions/checkout@v6

      # Commits made below are attributed to the github-actions bot identity.
      - name: Update git config
        run: |
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global user.name "github-actions[bot]"

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.12'

      - name: Set up Node.js
        uses: actions/setup-node@v6
        with:
          node-version: 24
          cache: 'npm'

      # `npm ci` installs exactly what the lockfile records, and fails if the
      # lockfile and package.json disagree.
      - name: Install dependencies
        run: npm ci

      # Local composite/JS action from this repository (the checked-out ref).
      - name: Update bundle
        uses: ./.github/actions/update-bundle

      - name: Rebuild Action
        run: npm run build

      # The release tag is attacker-influenceable text in general. It is passed
      # through an environment variable and always expanded inside double
      # quotes, so it is never spliced into the script source by `${{ }}`.
      - name: Commit and push changes
        env:
          RELEASE_TAG: "${{ github.event.release.tag_name }}"
        run: |
          git checkout -b "update-bundle/$RELEASE_TAG"
          git commit -am "Update default bundle to $RELEASE_TAG"
          git push --set-upstream origin "update-bundle/$RELEASE_TAG"

      # Opens a draft PR with the job token and exports CLI_VERSION and PR_URL
      # to later steps through $GITHUB_ENV.
      # NOTE(review): the single-line `NAME=value` form assumes neither value
      # contains a newline. `cli_version` is read from src/defaults.json, which
      # the "Update bundle" step presumably rewrites; confirm that value is
      # validated there.
      - name: Open pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cli_version=$(jq -r '.cliVersion' src/defaults.json)
          pr_url=$(gh pr create \
            --title "Update default bundle to $cli_version" \
            --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
            --assignee "$GITHUB_ACTOR" \
            --draft \
          )
          echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
          echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"

      # NOTE(review): the script presumably reads CLI_VERSION and PR_URL
      # exported by the previous step. Verify against bundle_changelog.py.
      - name: Create changelog note
        run: |
          python .github/workflows/script/bundle_changelog.py

      # Pushes to the upstream branch set by "Commit and push changes".
      - name: Push changelog note
        run: |
          git commit -am "Add changelog note"
          git push