mirror of
https://github.com/github/codeql-action.git
synced 2026-01-01 04:00:24 +08:00
1a80c9b44e
Bumps the actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/github-script](https://github.com/actions/github-script), [actions/setup-node](https://github.com/actions/setup-node) and [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v8) Updates `actions/setup-node` from 4 to 5 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v5) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
104 lines
3.6 KiB
YAML
104 lines
3.6 KiB
YAML
name: Update default CodeQL bundle
|
|
|
|
on:
|
|
release:
|
|
# From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
|
|
# Note: The prereleased type will not trigger for pre-releases published
|
|
# from draft releases, but the published type will trigger. If you want a
|
|
# workflow to run when stable and pre-releases publish, subscribe to
|
|
# published instead of released and prereleased.
|
|
#
|
|
# From https://github.com/orgs/community/discussions/26281
|
|
# As a work around, in published type workflow, you could add if condition
|
|
# to filter pre-release attribute.
|
|
types: [published]
|
|
|
|
jobs:
|
|
update-bundle:
|
|
if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write # needed to push commits
|
|
pull-requests: write # needed to create pull requests
|
|
steps:
|
|
- name: Dump environment
|
|
run: env
|
|
|
|
- name: Dump GitHub context
|
|
env:
|
|
GITHUB_CONTEXT: '${{ toJson(github) }}'
|
|
run: echo "$GITHUB_CONTEXT"
|
|
|
|
- uses: actions/checkout@v5
|
|
|
|
- name: Update git config
|
|
run: |
|
|
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git config --global user.name "github-actions[bot]"
|
|
|
|
- name: Set up Node.js
|
|
uses: actions/setup-node@v5
|
|
with:
|
|
node-version: '20.x'
|
|
cache: 'npm'
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Update bundle
|
|
uses: ./.github/actions/update-bundle
|
|
|
|
- name: Rebuild Action
|
|
run: npm run build
|
|
|
|
- name: Commit and push changes
|
|
env:
|
|
RELEASE_TAG: "${{ github.event.release.tag_name }}"
|
|
run: |
|
|
git checkout -b "update-bundle/$RELEASE_TAG"
|
|
git commit -am "Update default bundle to $RELEASE_TAG"
|
|
git push --set-upstream origin "update-bundle/$RELEASE_TAG"
|
|
|
|
- name: Open pull request
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
cli_version=$(jq -r '.cliVersion' src/defaults.json)
|
|
pr_url=$(gh pr create \
|
|
--title "Update default bundle to $cli_version" \
|
|
--body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
|
|
--assignee "$GITHUB_ACTOR" \
|
|
--draft \
|
|
)
|
|
echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
|
|
echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
|
|
|
|
- name: Create changelog note
|
|
shell: python
|
|
run: |
|
|
import os
|
|
import re
|
|
|
|
# Get the PR number from the PR URL.
|
|
pr_number = os.environ['PR_URL'].split('/')[-1]
|
|
changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
|
|
|
|
# If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
|
|
# Use perl to avoid having to escape the newline character.
|
|
|
|
with open('CHANGELOG.md', 'r') as f:
|
|
changelog = f.read()
|
|
|
|
changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
|
|
|
|
# Add the changelog note to the bottom of the "[UNRELEASED]" section.
|
|
changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
|
|
|
|
with open('CHANGELOG.md', 'w') as f:
|
|
f.write(changelog)
|
|
|
|
- name: Push changelog note
|
|
run: |
|
|
git commit -am "Add changelog note"
|
|
git push
|