Merge pull request #2050 from github/nickfyson/add-releases-ini
This commit is contained in:
Nick Fyson
GitHub
commit
49812ec6b6
4 changed files with 36 additions and 6 deletions
|
|
@ -1,12 +1,19 @@
|
||||||
import argparse
|
import argparse
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import subprocess
|
import configparser
|
||||||
|
|
||||||
# Name of the remote
|
# Name of the remote
|
||||||
ORIGIN = 'origin'
|
ORIGIN = 'origin'
|
||||||
|
|
||||||
OLDEST_SUPPORTED_MAJOR_VERSION = 2
|
script_dir = os.path.dirname(os.path.realpath(__file__))
|
||||||
|
grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
|
||||||
|
|
||||||
|
config = configparser.ConfigParser()
|
||||||
|
with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
|
||||||
|
config.read_string('[default]\n' + stream.read())
|
||||||
|
|
||||||
|
OLDEST_SUPPORTED_MAJOR_VERSION = config['default']['OLDEST_SUPPORTED_MAJOR_VERSION']
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
|
||||||
|
|
|
||||||
1
.github/releases.ini
vendored
Normal file
1
.github/releases.ini
vendored
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
OLDEST_SUPPORTED_MAJOR_VERSION=2
|
||||||
|
|
@ -2,6 +2,11 @@
|
||||||
# Update the required checks based on the current branch.
|
# Update the required checks based on the current branch.
|
||||||
# Typically, this will be main.
|
# Typically, this will be main.
|
||||||
|
|
||||||
|
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
|
||||||
|
REPO_DIR="$(dirname "$SCRIPT_DIR")"
|
||||||
|
GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
|
||||||
|
source "$GRANDPARENT_DIR/releases.ini"
|
||||||
|
|
||||||
if ! gh auth status 2>/dev/null; then
|
if ! gh auth status 2>/dev/null; then
|
||||||
gh auth status
|
gh auth status
|
||||||
echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
|
echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
|
||||||
|
|
@ -29,7 +34,22 @@ echo "$CHECKS" | jq
|
||||||
|
|
||||||
echo "{\"contexts\": ${CHECKS}}" > checks.json
|
echo "{\"contexts\": ${CHECKS}}" > checks.json
|
||||||
|
|
||||||
for BRANCH in main releases/v2; do
|
echo "Updating main"
|
||||||
|
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
|
||||||
|
|
||||||
|
# list all branchs on origin remote matching releases/v*
|
||||||
|
BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
|
||||||
|
|
||||||
|
for BRANCH in $BRANCHES; do
|
||||||
|
|
||||||
|
# strip exact 'releases/v' prefix from $BRANCH using count of characters
|
||||||
|
VERSION="${BRANCH:10}"
|
||||||
|
|
||||||
|
if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
|
||||||
|
echo "Skipping $BRANCH"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Updating $BRANCH"
|
echo "Updating $BRANCH"
|
||||||
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
|
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -76,7 +76,9 @@ Since the `codeql-action` runs most of its testing through individual Actions wo
|
||||||
|
|
||||||
1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
|
1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
|
||||||
2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
|
2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
|
||||||
3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
|
3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v2`, and `v3` have been updated.
|
||||||
|
|
||||||
|
Note that any updates to checks need to be backported to the `releases/v2` branch, in order to maintain the same set of names for required checks.
|
||||||
|
|
||||||
## Deprecating a CodeQL version (write access required)
|
## Deprecating a CodeQL version (write access required)
|
||||||
|
|
||||||
|
|
@ -111,8 +113,8 @@ To deprecate an older version of the Action:
|
||||||
- Add a changelog note announcing the deprecation.
|
- Add a changelog note announcing the deprecation.
|
||||||
- Implement an Actions warning for customers using the deprecated version.
|
- Implement an Actions warning for customers using the deprecated version.
|
||||||
1. Wait for the deprecation period to pass.
|
1. Wait for the deprecation period to pass.
|
||||||
1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
|
1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
|
||||||
1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py). Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
|
1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [releases.ini](.github/releases.ini). Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue