robojerk/codeql-action

Merge branch 'main' into mergeback/v2.1.10-to-main-03e2e3c4

Browse source
This commit is contained in:
Henry Mercer 2022-05-11 12:00:48 +01:00 committed by GitHub
commit 4f87830a1f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

20
CONTRIBUTING.md
View file

@ -80,23 +80,11 @@ Here are a few things you can do that will increase the likelihood of your pull
## Keeping the PR checks up to date (admin access required)
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [Update required checks](.github/workflows/update-required-checks.yml) workflow.
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
Or you can use this semi-automated approach:
1. In a terminal check out the `SHA` whose checks you want to use as the base. Typically, this will be `main`.
2. From a terminal, run the following commands:
```sh
SHA="$(git rev-parse HEAD)"
CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
echo "{\"contexts\": ${CHECKS}}" > checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/releases/v2/protection/required_status_checks --input checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/releases/v1/protection/required_status_checks --input checks.json
````
3. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
## Resources

2
node_modules/.package-lock.json generated vendored
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "2.1.10",
"version": "2.1.11",
"lockfileVersion": 2,
"requires": true,
"packages": {

13
python-setup/install_tools.sh
View file

@ -29,9 +29,16 @@ python3 -m pip install --user poetry!=1.0.10
python3 -m pip install --user pipenv
if command -v python2 >/dev/null 2>&1; then
# Setup Python 2 dependency installation tools.
# The Ubuntu 20.04 GHA environment does not come with a Python 2 pip
curl --location --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python2
# Setup Python 2 dependency installation tools. The Ubuntu 20.04 GHA environment
# does not come with a Python 2 pip, but if it is already installed, don't try to
# install it again (since that causes problems).
#
# This might seem like a hypothetical situation, but it happens all the time in our
# internal testing where we run the action twice in a row.
if ! python2 -m pip --version; then
echo "Will install pip for python2"
curl --location --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python2
fi
python2 -m pip install --user --upgrade pip setuptools wheel